Date:      Fri, 15 Jun 2012 13:00:48 -0400
From:      Jason Hellenthal <jhellenthal@dataix.net>
To:        "Shiv. Nath" <prabhpal@digital-infotech.net>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: PF to Preventing SMTP Brute Force Attacks
Message-ID:  <20120615170048.GA39970@DataIX.net>
In-Reply-To: <4360846ab93b3a2b1968ee0f262cf148.squirrel@mail.digital-infotech.net>
References:  <4360846ab93b3a2b1968ee0f262cf148.squirrel@mail.digital-infotech.net>



On Fri, Jun 15, 2012 at 04:17:06PM -0000, Shiv. Nath wrote:
> Hi FreeBSD Gurus,
> 
> 
> I want to use PF to prevent SMTP brute force attacks. I need some help
> to understand the correct syntax.
> 
> URL Explaining this: http://www.openbsd.org/faq/pf/filter.html#stateopts
> 
> 
> I expect the following behavior from the PF rule below:
> 
> Limit the absolute maximum number of states that this rule can create to 200
> 
> Enable source tracking; limit state creation based on states created by
> this rule only
> 
> Limit the maximum number of nodes that can simultaneously create state to 100
> 
> Limit the maximum number of simultaneous states per source IP to 3
> 
> Solution:
> int0="em0"
> trusted_tcp_ports="{22,25,443,465}"
> 

 pass in on $int0 proto tcp from any to any port $trusted_tcp_ports keep
 state (max 200, source-track rule, max-src-nodes 100, max-src-states 3 )


 I don't know if max will work here but this is what I use for an sshd
 rule.

 pass in log quick proto tcp from any port >1023 to any port 22 flags
 S/SA keep state (max-src-conn 5, max-src-conn-rate 5/15 overload
 <sshmart> flush global)


 You should be using the syntax from pf41 through pf45. The URL you
 referenced has a syntax that changed in pf46, pf47 onward...

 

-- 

 - (2^(N-1))
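For reference, here is a complete pf.conf fragment that combines the per-source limits from the question with the overload table used in the sshd rule above. It is an added example, not a rule set posted by either participant; the interface, table name and thresholds are assumptions chosen for illustration.

```pf
# Added example (not from the thread). Interface name, table name and
# the thresholds below are assumptions chosen for illustration.
ext_if = "em0"
mail_ports = "{ 25, 465 }"

# The overload table must be declared before a rule can reference it;
# "persist" keeps the table around even while no rule is using it.
table <bruteforce> persist

# Drop traffic from addresses already flagged, before the pass rules.
block in quick on $ext_if from <bruteforce>

# SMTP/SMTPS: track each source address separately (source-track rule),
# cap the rule at 200 states and 100 tracked sources, allow at most 10
# established connections per source, and at most 15 new connections
# from one source in any 60 second window. A source that exceeds a
# limit is added to <bruteforce> and "flush global" tears down all of
# its existing states, not just those created by this rule.
pass in on $ext_if proto tcp from any to ($ext_if) port $mail_ports \
    flags S/SA keep state \
    (max 200, source-track rule, max-src-nodes 100, \
     max-src-conn 10, max-src-conn-rate 15/60, \
     overload <bruteforce> flush global)
```

Addresses added by overload stay in the table until removed, so inspect it with `pfctl -t bruteforce -T show` and age out old entries periodically with `pfctl -t bruteforce -T expire 86400`, which deletes entries older than one day.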


