Date: Mon, 31 Mar 2008 12:12:34 -0700
From: Adam Vondersaar <avonders@calarts.edu>
To: freebsd-pf@freebsd.org
Subject: problem with PF tables
Message-ID: <47F137A2.70400@calarts.edu>
I have had a production machine running for 6 months now using PF to
block SSH brute force attacks. What seems to happen now is that the
table is not staying open and PF cannot add the IP to block. I am
curious if anyone has run into such a problem. I am using the
expiretable port to clear the tables with a cron job and here is an
excerpt from the pf.conf:

table <bruteforce> persist
block quick from <bruteforce>
pass in log (all) on $ext_if inet proto tcp from any to $ext_if port 22 \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/30, \
    overload <bruteforce> flush global)

-Adam
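
Added example, not part of the original message: a small Python model of what the excerpt's max-src-conn-rate 3/30 overload rule and a cron-driven age expiry are meant to do together. The sliding window, the 3600-second expiry age, the class and function names, and the sample addresses are assumptions made for illustration; PF's internal rate tracking and max-src-conn are not modelled.

```python
"""Model of the pf.conf excerpt: max-src-conn-rate 3/30 feeding <bruteforce>, plus
an age-based expiry like the cron job. A sliding window is assumed for the rate."""
from collections import defaultdict, deque

RATE_LIMIT, RATE_WINDOW = 3, 30   # max-src-conn-rate 3/30 from the excerpt
EXPIRE_AGE = 3600                 # assumed expiry age in seconds (not on the page)

class BruteforceModel:
    def __init__(self):
        self.recent = defaultdict(deque)  # src -> times of recent new connections
        self.table = {}                   # src -> time it entered <bruteforce>

    def connect(self, src, now):
        """Return 'block', 'overload' or 'pass' for a new SSH connection."""
        if src in self.table:             # block quick from <bruteforce>
            return "block"
        q = self.recent[src]
        while q and now - q[0] >= RATE_WINDOW:
            q.popleft()                   # forget connections outside the window
        q.append(now)
        if len(q) > RATE_LIMIT:           # rate exceeded: overload <bruteforce>
            self.table[src] = now
            del self.recent[src]          # stands in for "flush global"
            return "overload"
        return "pass"

    def expire(self, now, age=EXPIRE_AGE):
        """Remove entries older than `age`, as the cron job would; return them."""
        old = sorted(s for s, t in self.table.items() if now - t >= age)
        for s in old:
            del self.table[s]
        return old

def replay(events, cron_times=()):
    """Replay (time, src) events in order, running expiry at each cron time."""
    model, out, crons = BruteforceModel(), [], sorted(cron_times)
    for now, src in sorted(events):
        while crons and crons[0] <= now:
            model.expire(crons.pop(0))
        out.append((now, src, model.connect(src, now)))
    return out, model

# Constructed sample: one noisy source and one normal one (documentation addresses).
SAMPLE = [(0, "192.0.2.10"), (2, "192.0.2.10"), (4, "192.0.2.10"), (5, "192.0.2.10"),
          (6, "192.0.2.10"), (10, "198.51.100.7"), (4000, "192.0.2.10")]

if __name__ == "__main__":
    for row in replay(SAMPLE, cron_times=[3700])[0]:
        print(*row)
```

In this model, if the expiry never runs, the noisy source stays in the table and its later connection is still blocked.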
