pf.conf and some questions about brute attacks
As I'm discovering my way through pf while reading the book "The book of PF", I have some questions and need a little help. First of all, I want to be able to configure pf to stop the brute force attacks. So, let's go to pf.conf as the book gives in the example.
First I have to create a table with
table <bruteforce> persist file "etc/bruteforce"
After that, we're creating the rule
block quick from <bruteforce>
What I don't understand, is the following:
pass inet proto tcp to $localnet port $tcp_services \ keep state (max-src-conn 100, max-src-conn-rate 15/5, \ overload <bruteforce> flush global)
- in the case I want to transfer files from outside the local network (for example I'll say 150 small text files.not a chance, but for the sake of the question), I must configure the max-conn-rate, or every file counts as a new connection (and therefore I have to modify the max-src-conn?)
|bruteforce, pf, pf.conf|
|Thread||Thread Starter||Forum||Replies||Last Post|
|ssh brute force attacks||sniper007||FreeBSD Security||21||12th June 2011 01:28 AM|
|attacks DDoS||Sam||OpenBSD Security||6||17th December 2009 11:07 PM|
|some login.conf questions||gosha||OpenBSD General||2||5th July 2009 12:43 PM|
|pf.conf brute force rule||ijk||FreeBSD Security||6||11th August 2008 04:54 PM|
|rc.conf questions||starbuck||FreeBSD General||2||29th July 2008 06:16 PM|