Date:      Fri, 15 Jun 2012 19:44:23 -0000
From:      "Shiv. Nath" <prabhpal@digital-infotech.net>
To:        "Matthew Seaman" <m.seaman@infracaninophile.co.uk>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: PF to Preventing SMTP Brute Force Attacks
Message-ID:  <738cbc31aa2dce5787dc85cafb3d02a6.squirrel@mail.digital-infotech.net>
In-Reply-To: <4FDB6CBD.6080900@infracaninophile.co.uk>
References:  <4360846ab93b3a2b1968ee0f262cf148.squirrel@mail.digital-infotech.net> <4FDB6490.8080509@infracaninophile.co.uk> <98c09d7edf95e0e07910e7e5ce46accc.squirrel@mail.digital-infotech.net> <4FDB6CBD.6080900@infracaninophile.co.uk>

>> Dear Matthew,
>>
>> Grateful for sending me in the right direction; the solution really sounds good.
>> Does this look like a good configuration for "/etc/pf.conf"?
>>
>> # START
>> table bruteforce persist
>
> Watch the syntax -- it's table <bruteforce> persist with angle brackets.
>
>> block in log quick from bruteforce
>>
>> pass in on $ext_if proto tcp \
>> from any to $ext_if port $trusted_tcp_ports \
>> flags S/SA keep state \
>> (max-src-conn-rate 3/300, overload bruteforce flush global)
>
> Again -- you need angle brackets around the table name.
>
>>
>> # END
>>
>> AND CRON:
>> */12 * * * *	/sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null 2>&1
>>
>> What is the function of "expire 604800"? Are they entries in the table?
>> Should it be -t bruteforce or -t ssh-bruteforce?
>
> Ooops.  Yes, -t bruteforce is correct.  "expire 604800" means delete
> entries after they've been in the table for that number of seconds (i.e.
> after one week).
>
> 	Cheers,
>
> 	Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                   Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
> JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


Dear Matthew,

I am very much grateful for your assistance and advice configuring PF
correctly. Well done!

Thanks / Regards
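
The configuration from this thread with the corrections from the quoted reply applied (angle brackets around the table name, `-t bruteforce` in the cron job), as an added example that is not part of the original message. The `ext_if` and `trusted_tcp_ports` values are assumptions, since the thread does not show them, and 192.0.2.10 is a constructed address.

```conf
# /etc/pf.conf (fragment)

# Assumed macro values; the thread never shows these definitions.
ext_if = "em0"
trusted_tcp_ports = "{ 25, 587 }"

# The table name is always written in angle brackets.
# "persist" keeps the table in place even while it is empty.
table <bruteforce> persist

# Drop and log anything from a source already in the table.
# "quick" stops rule evaluation, so the pass rule below is never reached.
block in log quick from <bruteforce>

# A source that opens more than 3 connections within 300 seconds is added
# to <bruteforce>. "flush global" also kills every existing state from that
# source, including states created by other rules.
pass in on $ext_if proto tcp \
    from any to $ext_if port $trusted_tcp_ports \
    flags S/SA keep state \
    (max-src-conn-rate 3/300, overload <bruteforce> flush global)

# --- root crontab entry (not part of pf.conf) ---
# The table name must match the one in pf.conf: bruteforce, not ssh-bruteforce.
# Every 12 minutes, remove entries that have been in the table for more than
# 604800 seconds (one week):
#
#   */12 * * * * /sbin/pfctl -t bruteforce -T expire 604800 >/dev/null 2>&1

# --- checks to run by hand ---
# Parse the ruleset without loading it (catches the missing angle brackets):
#   pfctl -nf /etc/pf.conf
# Load it:
#   pfctl -f /etc/pf.conf
# List the addresses currently blocked:
#   pfctl -t bruteforce -T show
# Unblock one address, for example a legitimate relay that tripped the limit:
#   pfctl -t bruteforce -T delete 192.0.2.10
```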








