From owner-freebsd-questions@FreeBSD.ORG  Thu Sep  4 20:39:06 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 17B061065683
	for <questions@freebsd.org>; Thu,  4 Sep 2008 20:39:06 +0000 (UTC)
	(envelope-from oliver@nemesis.charlie.mouhaha.de)
Received: from nemesis.charlie.mouhaha.de (nemesis.charlie.mouhaha.de
	[78.47.10.193]) by mx1.freebsd.org (Postfix) with ESMTP id C85558FC15
	for <questions@freebsd.org>; Thu,  4 Sep 2008 20:39:05 +0000 (UTC)
	(envelope-from oliver@nemesis.charlie.mouhaha.de)
Received: from localhost (nemesis.charlie.mouhaha.de [78.47.10.193])
	by nemesis.charlie.mouhaha.de (Postfix) with ESMTP id B434C48EDC;
	Thu,  4 Sep 2008 21:20:51 +0100 (BST)
X-Virus-Scanned: amavisd-new at mouhaha.de
Received: from nemesis.charlie.mouhaha.de ([78.47.10.193])
	by localhost (nemesis.charlie.mouhaha.de [78.47.10.193]) (amavisd-new,
	port 10024)
	with ESMTP id dIf9VdSNdVxc; Thu,  4 Sep 2008 21:20:48 +0100 (BST)
Received: by nemesis.charlie.mouhaha.de (Postfix, from userid 1001)
	id 3E5CF48EC8; Thu,  4 Sep 2008 21:20:48 +0100 (BST)
Date: Thu, 4 Sep 2008 21:20:48 +0100
From: Oliver Peter <lists@peter.de.com>
To: Redd Vinylene <reddvinylene@gmail.com>
Message-ID: <20080904202047.GA10842@nemesis.frida.mouhaha.de>
References: <f1019d520809041223i3e20d380r8d7fa4b47b851e1e@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <f1019d520809041223i3e20d380r8d7fa4b47b851e1e@mail.gmail.com>
X-Operating-System: FreeBSD 7.0-RELEASE-p3 amd64
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: misc@openbsd.org, questions@freebsd.org
Subject: Re: pf to block against DDoS?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Sep 2008 20:39:06 -0000

On Thu, Sep 04, 2008 at 09:23:09PM +0200, Redd Vinylene wrote:
> Hello hello!
> 
> I was quite shocked today when I heard I could use pf to block against DDoS
> attacks, using Stateful Tracking Options,
> http://www.openbsd.org/faq/pf/filter.html#stateopts.
> 
> But does anybody have any nice setups of this they'd want to share?
> 
> Much obliged, and thanks.

... nice cross-post.

I can recommend reading through this as well:
  http://www.bgnett.no/~peter/pf/en/bruteforce.html

-- 
Oliver PETER, email: oliver@peter.de.com, ICQ# 113969174
"If it feels good, you're doing something wrong."
                                      -- Coach McTavish