f : freebsd-stable@freebsd.org 16 June 2012 • 1:12AM -0400

Re: PF to Preventing SMTP Brute Force Attacks
by Paul Mather

On Jun 15, 2012, at 12:55 PM, Shiv. Nath wrote:

> # START
> table bruteforce persist
> block in log quick from bruteforce
>
> pass in on $ext_if proto tcp \
> from any to $ext_if port $trusted_tcp_ports \
> flags S/SA keep state \
> (max-src-conn-rate 3/300, overload bruteforce flush global)
>
> # END
>
> AND CRON:
> */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null 2>&1
>
> What is the function of "expire 604800"? Are they entries in the table?
> Should it be -t bruteforce or -t ssh-bruteforce?


It refers to entries in the table specified by the "-t" option and instructs pf to expire (remove from the table) all entries older than the specified time (in seconds).  Basically, the value 604800 will expire entries older than 1 week.

For the above pf rules, the cron entry should be "-t bruteforce" (although in the pf rules you should be using "<bruteforce>").

Cheers,

Paul.

_______________________________________________
freebsd-stable@free... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@free..."
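
Added example, not part of the original thread: a small shell check that cross-references the table named in each `pfctl -t ... -T expire` cron job against the tables declared in pf.conf, which is the mismatch discussed above. Because the cron line discards pfctl's output, a wrong table name would otherwise go unnoticed. The helper names and both sample inputs are constructed for illustration; the sample ruleset uses the `<bruteforce>` form recommended in the reply.

```shell
#!/bin/sh
# Constructed sample inputs (not taken from a real host).
SAMPLE_PF_CONF='table <bruteforce> persist
block in log quick from <bruteforce>
pass in on $ext_if proto tcp \
    from any to $ext_if port $trusted_tcp_ports \
    flags S/SA keep state \
    (max-src-conn-rate 3/300, overload <bruteforce> flush global)'
SAMPLE_CRON='*/12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null 2>&1'

# Print every table name declared as "table <name> ..." in pf.conf text on stdin.
declared_tables() {
    sed -n 's/^[[:space:]]*table[[:space:]]*<\([^>]*\)>.*/\1/p'
}

# Print "name seconds" for every "pfctl -t name -T expire seconds" on stdin.
expire_jobs() {
    sed -n 's/.*pfctl.*-t[[:space:]]*\([^[:space:]]*\)[[:space:]]*-T[[:space:]]*expire[[:space:]]*\([0-9][0-9]*\).*/\1 \2/p'
}

# check_expire_jobs PF_CONF_TEXT CRONTAB_TEXT  (hypothetical helper)
# Reports each expire job; returns 1 if any job names an undeclared table.
check_expire_jobs() {
    tables=$(printf '%s\n' "$1" | declared_tables)
    printf '%s\n' "$2" | expire_jobs | (
        rc=0
        while read -r name secs; do
            if printf '%s\n' "$tables" | grep -qxF -- "$name"; then
                echo "OK $name expire ${secs}s ($((secs / 86400))d)"
            else
                echo "MISMATCH $name not declared in pf.conf"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Demo: the cron line as posted names a table the ruleset never declares.
check_expire_jobs "$SAMPLE_PF_CONF" "$SAMPLE_CRON" || true
```

On a live system the same functions can be fed `/etc/pf.conf` and the output of `crontab -l` instead of the embedded samples.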
