Date: Tue, 14 Jul 2009 15:12:56 +0000
From: Tony <ghostsniper007@hotmail.com>
To: <freebsd-pf@freebsd.org>
Subject: question about max-src-conn and max-src-conn-rate
Message-ID: <COL106-W36D87D1E308A510FBE56078C230@phx.gbl>
Below is a packet filter snippet from my config file:

  block drop log quick from <brute>
  ...
  pass in quick on $ext_if proto tcp from any to <webs> port 80 flags S/SA keep state (max-src-conn 80, max-src-conn-rate 200/2, overload <brute> flush global)
  pass out quick on $int_if proto tcp from any to <webs> port 80 flags S/SA keep state
  pass out quick on $ext_if proto tcp from <webs> port 80 to any flags SA/SA keep state
  pass in quick on $int_if proto tcp from <webs> port 80 to any flags SA/SA keep state

Question 1: Should the brute-force rules be on each line, or just that first one?

Question 2: If they should be on each line, should I multiply the values (80, 200/2) by 4?

Question 3: Are the rates I'm using reasonable? Blocking should be on the loose side.

I'm open to any thoughts, opinions or screams on best practices.
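Editor's note: the following Python model is an added illustration and is not part of the mail above, nor pf's own code. It reproduces the documented semantics of the three options in Tony's first pass rule (pf.conf(5)): max-src-conn and max-src-conn-rate both count TCP connections that have completed the three-way handshake, they are tracked per source address on the rule that created the state, and when either limit is exceeded the source is added to the overload table, the offending state is dropped, and "flush" kills that source's other states from the same rule ("flush global": from any rule). The decaying rate counter is modeled on pf's pf_add_threshold(); the rule names, the addresses and the two scenarios are constructed for the demonstration, and "flush" is assumed to be set on the limited rule.

```python
from dataclasses import dataclass, field


@dataclass
class SourceNode:
    """Per-rule, per-source tracking entry (pf's source node)."""
    conns: int = 0           # established connections currently open
    rate_count: float = 0.0  # decaying count of recent new connections
    last: float = 0.0        # time of the last counted connection


@dataclass
class Rule:
    """A 'pass ... keep state' rule; a limit of 0 means the option is unset."""
    name: str
    max_src_conn: int = 0
    rate_limit: int = 0          # N in max-src-conn-rate N/S
    rate_seconds: float = 0.0    # S
    flush_global: bool = False   # True: 'flush global', False: plain 'flush'
    nodes: dict = field(default_factory=dict)


class PfBox:
    """Just enough of pf's state tracking to show what the options do."""

    def __init__(self, *rules):
        self.rules = {r.name: r for r in rules}
        self.brute = set()   # the <brute> overload table
        self.states = []     # (src, rule_name) for every live state

    def established(self, src, rule_name, now):
        """A TCP connection from src, matched by rule_name, completes its
        three-way handshake; pf counts connections at that point.
        Returns "pass", "overload" (limit exceeded) or "blocked" (src was
        already in <brute>, so 'block drop quick from <brute>' won)."""
        if src in self.brute:
            return "blocked"
        rule = self.rules[rule_name]
        self.states.append((src, rule_name))
        if not (rule.max_src_conn or rule.rate_limit):
            return "pass"                       # nothing tracked on this rule
        node = rule.nodes.setdefault(src, SourceNode(last=now))
        node.conns += 1
        if rule.rate_limit:
            # Modeled on pf_add_threshold(): the count decays linearly over
            # rate_seconds and is reset once that long has passed.
            elapsed = now - node.last
            if elapsed >= rule.rate_seconds:
                node.rate_count = 0.0
            else:
                node.rate_count -= node.rate_count * elapsed / rule.rate_seconds
            node.rate_count += 1.0
        node.last = now
        over_conn = rule.max_src_conn and node.conns > rule.max_src_conn
        over_rate = rule.rate_limit and node.rate_count > rule.rate_limit
        if not (over_conn or over_rate):
            return "pass"
        # Overload: table the source and kill its states, from every rule
        # with 'flush global', only from this rule with plain 'flush'.
        self.brute.add(src)
        for s in list(self.states):
            if s[0] == src and (rule.flush_global or s[1] == rule_name):
                self.close(*s)
        return "overload"

    def close(self, src, rule_name):
        """A state is removed; its source node's connection count drops."""
        self.states.remove((src, rule_name))
        node = self.rules[rule_name].nodes.get(src)
        if node is not None and node.conns > 0:
            node.conns -= 1


def demo(flush_global=True):
    """Constructed scenarios using the limits from the mail (80, 200/2)."""
    web = Rule("ext_in_web", max_src_conn=80, rate_limit=200, rate_seconds=2.0,
               flush_global=flush_global)
    box = PfBox(web, Rule("other"))   # 'other': an unlimited rule on the box
    out = {}
    # 1. One address holds 81 connections open: max-src-conn trips at #81.
    #    With 'flush global' its state on the unlimited rule dies too.
    a = "198.51.100.7"
    box.established(a, "other", now=0.0)
    verdicts = [box.established(a, "ext_in_web", now=0.0) for _ in range(81)]
    out["conn_trips_at"] = verdicts.index("overload") + 1
    out["a_states_left"] = sum(1 for s in box.states if s[0] == a)
    out["a_next"] = box.established(a, "ext_in_web", now=0.5)
    # 2. Short-lived connections (closed right away) never pile up, so only
    #    the rate matters: 150 handshakes at t=0 all pass; one second into
    #    the 2 s interval the count has decayed to 75, so the 126th
    #    connection of a second burst (75 + 126 > 200) trips the rate.
    b = "203.0.113.9"

    def burst(n, now):
        for i in range(n):
            if box.established(b, "ext_in_web", now) != "pass":
                return i + 1
            box.close(b, "ext_in_web")
        return None
    out["first_burst_trips_at"] = burst(150, now=0.0)
    out["second_burst_trips_at"] = burst(200, now=1.0)
    return out
```

Running demo() shows the mechanics behind the three questions: the counters live on the rule that creates the state, a limit of 80 trips on the 81st concurrent established connection rather than the 80th, and the 200/2 rate is a decaying count rather than a fixed two-second window. It says nothing about whether 80 and 200/2 are the right numbers for a given site.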