From: Charles Lacroix <clacroix@cegep-ste-foy.qc.ca>
To: freebsd-pf@freebsd.org
Date: Tue, 28 Nov 2006 16:32:05 -0500
Subject: Question about pf
Message-Id: <200611281632.05280.clacroix@cegep-ste-foy.qc.ca>
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hi,

I read some of the pf.conf man page and found something really neat for my servers. It's not 100% what I need, but very close, and I was hoping you pf gurus could help me out with this one. I have created the following rules and I have 2 small problems.
    table <badhosts> persist
    block quick on $ext_if proto tcp from <badhosts> to $external_addr port 23
    pass in on $ext_if proto tcp to $external_addr port 23 flags S/SA modulate \
        state (max-src-conn-rate 5/60, overload <badhosts> flush global)

1. What I wanted to do is make sure the IPs get unbanned after, let's say, 30 minutes or so.

2. When my IP gets into badhosts, most of my current SSH connections hang. It's kind of strange, since my block rule is specific to the telnet port.

Any ideas/comments?

Thanks,
Charles
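The following pf.conf fragment is an added example from the editor, not the poster's configuration or a reply from the list. It keeps the poster's rate-limiting setup but drops the `global` keyword from the overload option: `flush global` tears down every state originating from the overloaded host, whatever rule created it, which is why unrelated SSH sessions from the same address stall once the address lands in the table, while plain `flush` only removes states created by the telnet rule itself. The interface name and address assigned to `ext_if` and `external_addr` are placeholders assumed for the example.

```conf
# Added example (editor's, not the poster's config). The interface and
# address below are assumed placeholders; substitute the real values.
ext_if = "em0"
external_addr = "192.0.2.10"

# Persistent table so the ban list survives a ruleset reload.
table <badhosts> persist

# Drop new telnet traffic from banned hosts. This is scoped to port 23, as
# in the original post, so a ban never touches SSH or anything else.
block quick on $ext_if proto tcp from <badhosts> to $external_addr port 23

# Rate-limit new telnet connections: more than 5 new connections within
# 60 seconds from one source adds that source to <badhosts>.
# "flush" (without "global") kills only the states this rule created from
# the offending host; "flush global" would also kill its SSH states.
pass in on $ext_if proto tcp to $external_addr port 23 flags S/SA \
    modulate state (max-src-conn-rate 5/60, overload <badhosts> flush)
```

For the 30-minute unban, pf does not age table entries by itself; the usual approach is a periodic `pfctl -t badhosts -T expire 1800`, which removes entries added (or last cleared) more than 1800 seconds ago. Run it from cron, for example every five minutes, so an address stays banned for roughly 30 to 35 minutes and then drops out of the table on its own.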