Date: Sat, 16 Jun 2012 16:23:30 -0000
From: "Shiv. Nath"
Reply-To: prabhpal@digital-infotech.net
To: freebsd-stable@freebsd.org
Subject: Re: PF to Preventing SMTP Brute Force Attacks

> On Jun 15, 2012, at 12:55 PM, Shiv. Nath wrote:
>
>> # START
>> table bruteforce persist
>> block in log quick from bruteforce
>>
>> pass in on $ext_if proto tcp \
>> from any to $ext_if port $trusted_tcp_ports \
>> flags S/SA keep state \
>> (max-src-conn-rate 3/300, overload bruteforce flush global)
>>
>> # END
>>
>> AND CRON:
>> */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null 2>&1
>>
>> What is the function "expire 604800" are they entries in the table?
>> should it be -t bruteforce or -t ssh-bruteforce
>
>
> It refers to entries in the table specified by the "-t" option and
> instructs pf to expire (remove from the table) all entries older than the
> specified time (in seconds). Basically, the value 604800 will expire
> entries older than 1 week.
>
> For the above pf rules, the cron entry should be "-t bruteforce" (although
> in the pf rules you should be using "").
>
> Cheers,
>
> Paul.

Dear Matthew & Paul,

Thank you very much for your time, efforts and energy to help me configure PF. Matthew also advised to create white, so that I do not lock myself. I have yet to look at it. I will get in touch if I require more help.

Thanks

Regards
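
The rule set and cron entry discussed in this thread, written out with the table name in angle brackets and a whitelist evaluated first, as an added example that is not from any of the posters. The interface name, port list, whitelist table name and whitelist address are constructed assumptions.

```conf
# pf.conf fragment (added example, not the poster's configuration)

# Macros (values are assumptions for illustration)
ext_if            = "em0"
trusted_tcp_ports = "{ 22, 25 }"

# Tables are declared and referenced with angle brackets in pf.conf.
# <whitelist> is a hypothetical table name; 192.0.2.10 is a constructed
# documentation address standing in for the administrator's own IP.
table <whitelist>  persist { 192.0.2.10 }
table <bruteforce> persist

# Whitelisted sources match first; "quick" stops evaluation here, so they
# never reach the block rule or the connection-rate limit below.
pass in quick on $ext_if proto tcp \
    from <whitelist> to $ext_if port $trusted_tcp_ports \
    flags S/SA keep state

# Drop and log anything already placed in the overload table.
block in log quick from <bruteforce>

# More than 3 new connections in 300 seconds from one source adds that
# source to <bruteforce>; "flush global" also kills its existing states.
pass in on $ext_if proto tcp \
    from any to $ext_if port $trusted_tcp_ports \
    flags S/SA keep state \
    (max-src-conn-rate 3/300, overload <bruteforce> flush global)

# Matching root crontab entry. On the pfctl command line the table is
# named without angle brackets, and the name must be the one declared
# above (bruteforce, not ssh-bruteforce). 604800 seconds = 1 week.
#
# */12 * * * * /sbin/pfctl -t bruteforce -T expire 604800 >/dev/null 2>&1
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -t bruteforce -T show` lists the addresses currently in the table.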