Date: Thu, 4 Aug 2005 15:59:51 -0500
From: BB <brent.bolin@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Re: Can pf dynamically close connections
Message-ID: <787dcac2050804135922e97d80@mail.gmail.com>
In-Reply-To: <42F28B79.1030202@tirloni.org>
References: <787dcac2050803142433b8d084@mail.gmail.com> <42F28B79.1030202@tirloni.org>
One of the sites that I maintain is moving to a different firewall, a WatchGuard Firebox X1000. None of the full-time admins can work with vi for system changes.

This is a feature on the firewall. If attempts are made on ports that are closed, all ports will be blocked for about 20 minutes.

Don't know if the feature mentioned above is good or bad.

On 8/4/05, Giovanni P. Tirloni <gpt@tirloni.org> wrote:
>
> BB wrote:
> > If a host is sending packets on ports that aren't even open can it
> > temporarily close all connections to this host.
>
> I don't think this is a task pf itself should do but you can implement
> something to monitor connection attempts on closed ports and then
> inspect the pf's state table (pfctl -s state) and remove it (pfctl -k).
>
> Do you want something like PortSentry? Someone could spoof those
> attempts and create a DoS on something you don't want to block.
>
> --
> Giovanni P. Tirloni
>
>
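The approach Giovanni sketches in the quoted reply (watch for hits on closed ports, then drop that host's states with pfctl -k) can be scripted in a few lines of sh and awk. The script below is an added example written for this archive page, not code posted in the thread or shipped with pf. It assumes the decoded pflog lines have the shape tcpdump prints for the pflog0 interface (an assumption; adjust the field parsing if your tcpdump version formats them differently), treats a source as scanning once it has hit PORT_THRESHOLD distinct closed ports, and ships with a constructed sample log so it runs offline in dry-run mode.

```shell
#!/bin/sh
# Added example (not from the thread): turn pf block-log lines into
# "pfctl -k <host>" commands for sources that probe several closed ports.
# Assumptions not stated in the thread: log lines look like tcpdump's
# decoded pflog output, and PORT_THRESHOLD distinct closed ports = a scan.

PORT_THRESHOLD=${PORT_THRESHOLD:-5}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands, 0 = actually run pfctl

# Constructed sample: 192.0.2.10 probes six closed ports, 203.0.113.7 hits
# one, and 203.0.113.8 matches a pass rule (must be ignored).
SAMPLE_LOG='rule 1/0(match): block in on em0: 192.0.2.10.40001 > 198.51.100.5.21: Flags [S]
rule 1/0(match): block in on em0: 192.0.2.10.40002 > 198.51.100.5.23: Flags [S]
rule 1/0(match): block in on em0: 192.0.2.10.40003 > 198.51.100.5.25: Flags [S]
rule 1/0(match): block in on em0: 192.0.2.10.40004 > 198.51.100.5.110: Flags [S]
rule 1/0(match): block in on em0: 192.0.2.10.40005 > 198.51.100.5.143: Flags [S]
rule 1/0(match): block in on em0: 192.0.2.10.40006 > 198.51.100.5.3389: Flags [S]
rule 1/0(match): block in on em0: 203.0.113.7.51000 > 198.51.100.5.23: Flags [S]
rule 2/0(match): pass in on em0: 203.0.113.8.51001 > 198.51.100.5.22: Flags [S]'

# offenders: read log lines on stdin; for every "block in" line record the
# source address and destination port; print "count src" for each source
# whose number of distinct destination ports reaches the threshold.
offenders() {
    awk -v thr="$PORT_THRESHOLD" '
        /: block in on/ {
            # locate the ">" token: the field before it is src.sport,
            # the field after it is dst.dport followed by a colon
            for (i = 1; i <= NF; i++) if ($i == ">") { s = $(i-1); d = $(i+1) }
            sub(/\.[0-9]+$/, "", s)                  # strip the source port
            sub(/:$/, "", d); n = split(d, p, "."); dport = p[n]
            if (!seen[s, dport]++) ports[s]++        # count distinct ports
        }
        END { for (s in ports) if (ports[s] >= thr) print ports[s], s }
    ' | sort -k2
}

# kill_commands: for each offender emit (or, with DRY_RUN=0, execute)
# "pfctl -k <src>", which removes every state that source currently holds.
kill_commands() {
    offenders | while read -r count src; do
        if [ "$DRY_RUN" = 1 ]; then
            printf 'pfctl -k %s   # %s distinct closed ports\n' "$src" "$count"
        else
            pfctl -k "$src"
        fi
    done
}

# Demonstration on the constructed sample. For real use, replace the printf
# with the live log feed, e.g.  tcpdump -n -e -i pflog0 | kill_commands
printf '%s\n' "$SAMPLE_LOG" | kill_commands
```

Two caveats worth keeping in mind when turning this into a cron job or a daemon. First, pfctl -k only tears down states the host already has; it does not stop new connections, so the script pairs naturally with a block rule over a table you also add the source to. Second, the point Giovanni raises applies in full: a SYN that never completes a handshake carries whatever source address the sender chose, so the address you kill is the one the attacker wants you to kill, and a threshold on distinct ports only raises the cost of that spoof, it does not remove it.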
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?787dcac2050804135922e97d80>