Date: Sun, 17 Jun 2012 09:18:24 -0000
From: "Shiv. Nath" <prabhpal@digital-infotech.net>
To: "Matthew Seaman"
Cc: freebsd-stable@freebsd.org
Subject: Re: USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!

> On 16/06/2012 21:03, Shiv. Nath wrote:
>> Dear Matthew,
>
> Matthew, one a, one e.
>
>> First, thanks for assisting to secure ports 22/25 from brute force
>> attacks. I wish to consult whether the following white list looks fine
>> to exclude trusted networks (our own network):
>>
>>   int0="em0"
>>   secured_attack_ports="{21,22,25}"
>>   table persist
>>   block in log quick from
>>   pass in on $int0 proto tcp \
>>       from any to $int0 port $secured_attack_ports \
>>       flags S/SA keep state \
>>       (max-src-conn-rate 5/300, overload flush global)
>>
>>   ## Exclude Own Network From Brute-Force Rule ##
>>   table persist {71.221.25.0/24, 71.139.22.0/24}
>>   pass in on $int0 proto tcp from to any port $secured_attack_ports
>
> But, yes, other than that it looks good. You want to move the table
> definitions up to the top of the file and, as you've shown, you want
> your network-specific rule after the more generic rate-limited accept
> rule: remember that (except for quick rules) it's the last matching
> rule in the ruleset that applies.
>
> Cheers,
>
> Matthew

Dear Matthew,

I am sorry for misspelling your name. Finally it is done with your
assistance. You have very good knowledge of PF, because you are a
gentleman indeed. Sorry to trouble you too much.
Thanks / Thanks / Thanks / Thanks / Thanks /Thanks / Thanks / Thanks
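As an added example (not the ruleset posted in the thread), here is how the corrected pf.conf could be laid out following Matthew's advice: tables at the top, the generic rate-limited rule first, and the trusted-network rule after it so that pf's last-match semantics exempt those networks. The table names `<bruteforce>` and `<trusted>` are assumptions; the trusted prefixes are the ones quoted above, used only as sample values.

```pf
# Added example, not the ruleset from the thread. The table names
# <bruteforce> and <trusted> are assumed; the prefixes are sample values.
int0="em0"
secured_attack_ports="{21,22,25}"

# Tables belong at the top of pf.conf, before any rule refers to them.
# <bruteforce> is filled by the overload option below; <trusted> holds
# the operator's own networks.
table <bruteforce> persist
table <trusted> persist { 71.221.25.0/24, 71.139.22.0/24 }

# quick: a source already in the overload table is dropped at once, so
# this rule takes effect no matter which later rules would also match.
block in log quick on $int0 from <bruteforce>

# Generic rate-limited accept: more than 5 new connections within 300 s
# from one source adds that source to <bruteforce> and, because of
# "flush global", kills all of its existing states, not just these.
pass in on $int0 proto tcp \
    from any to $int0 port $secured_attack_ports \
    flags S/SA keep state \
    (max-src-conn-rate 5/300, overload <bruteforce> flush global)

# Trusted-network exemption, placed AFTER the rate-limited rule. pf applies
# the last matching non-quick rule, so a trusted source's state is created
# by this rule (no rate limit) and it is never added to <bruteforce>.
# It does not rescue a trusted host that is already in the table, because
# the block rule above is quick.
pass in on $int0 proto tcp from <trusted> to any port $secured_attack_ports
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it; `pfctl -t bruteforce -T show` lists the sources that have been caught and `pfctl -t bruteforce -T expire 86400` removes entries older than a day.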