Date: Sat, 16 Jun 2012 16:23:30 -0000 From: "Shiv. Nath" <prabhpal@digital-infotech.net> To: freebsd-stable@freebsd.org Subject: Re: PF to Preventing SMTP Brute Force Attacks Message-ID: <3a8ddfc84f06a5fb1700f6c97f5473d4.squirrel@mail.digital-infotech.net> In-Reply-To: <1CAF986C-46CC-4D8D-B18F-A208796483EF@gromit.dlib.vt.edu> References: <4360846ab93b3a2b1968ee0f262cf148.squirrel@mail.digital-infotech.net> <4FDB6490.8080509@infracaninophile.co.uk> <98c09d7edf95e0e07910e7e5ce46accc.squirrel@mail.digital-infotech.net> <1CAF986C-46CC-4D8D-B18F-A208796483EF@gromit.dlib.vt.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Jun 15, 2012, at 12:55 PM, Shiv. Nath wrote: > >> # START >> table bruteforce persist >> block in log quick from bruteforce >> >> pass in on $ext_if proto tcp \ >> from any to $ext_if port $trusted_tcp_ports \ >> flags S/SA keep state \ >> (max-src-conn-rate 3/300, overload bruteforce flush global) >> >> # END >> >> AND CRON: >> */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null >> 2>&1 >> >> What is the function "expire 604800" are they entries in the table? >> should it be -t bruteforce or -t ssh-bruteforce > > > It refers to entries in the table specified by the "-t" option and > instructs pf to expire (remove from the table) all entries older than the > specified time (in seconds). Basically, the value 604800 will expire > entries older than 1 week. > > For the above pf rules, the cron entry should be "-t bruteforce" (although > in the pf rules you should be using "<bruteforce>"). > > Cheers, > > Paul. > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > Dear Metthew & Paul, Thank you very much for your time, efforts and energy to help me configuring PF. Metthew also advised to create white, so that i do not lock myself. i have have to yet look at it. i will get in touch if i require more help. Thanks Regards
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3a8ddfc84f06a5fb1700f6c97f5473d4.squirrel>