> On Jun 15, 2012, at 12:55 PM, Shiv. Nath wrote:
>> # START
>> table bruteforce persist
>> block in log quick from bruteforce
>> pass in on $ext_if proto tcp \
>> from any to $ext_if port $trusted_tcp_ports \
>> flags S/SA keep state \
>> (max-src-conn-rate 3/300, overload bruteforce flush global)
>> # END
>> AND CRON:
>> */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null
>> What is the function of "expire 604800"? Are they entries in the table?
>> Should it be -t bruteforce or -t ssh-bruteforce?
> It refers to entries in the table specified by the "-t" option and
> instructs pf to expire (remove from the table) all entries older than the
> specified time (in seconds). Basically, the value 604800 will expire
> entries older than 1 week.
> For the above pf rules, the cron entry should be "-t bruteforce" (although
> in the pf rules you should be using "<bruteforce>").
Dear Metthew & Paul,
Thank you very much for your time, efforts and energy to help me
configure PF. Metthew also advised to create white, so that I do not
lock myself. I have yet to look at it.
I will get in touch if I require more help. Thanks
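
The mismatch discussed in this thread (the ruleset's bruteforce table versus the cron job's "-t ssh-bruteforce") can be caught mechanically. The check below is an added example, not part of the original messages; its function names and file arguments are hypothetical, and the sample data in demo() is constructed from the lines quoted above.

```sh
#!/bin/sh
# Added example: flag cron "pfctl -t NAME -T expire" jobs whose table is not
# declared in pf.conf. Function names and file arguments are hypothetical.

# Print names declared as "table <name> ..." in the pf.conf text on stdin.
# A declaration written without the angle brackets does not count.
declared_tables() {
    sed -n 's/^[[:space:]]*table[[:space:]]*<\([^>]*\)>.*/\1/p'
}

# Print NAME from every non-comment "pfctl ... -t NAME ... -T expire" line.
expired_tables() {
    grep -v '^[[:space:]]*#' |
        grep -E 'pfctl.*-T[[:space:]]+expire' |
        sed -n 's/.*[[:space:]]-t[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p'
}

# check_expire_tables PF_CONF CRONTAB
# Prints one line per undeclared table; returns 1 if any was found.
check_expire_tables() {
    rc=0
    for t in $(expired_tables < "$2"); do
        if ! declared_tables < "$1" | grep -qxF -- "$t"; then
            echo "undeclared table in cron expire job: $t"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: ruleset using <bruteforce>, cron line as first posted.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'table <bruteforce> persist' \
        'block in log quick from <bruteforce>' > "$dir/pf.conf"
    printf '%s\n' \
        '*/12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null' \
        > "$dir/crontab"
    status=0
    check_expire_tables "$dir/pf.conf" "$dir/crontab" || status=$?
    rm -rf "$dir"
    return "$status"
}

# With two file arguments, lint them; with none, only define the functions.
if [ "$#" -eq 2 ]; then
    check_expire_tables "$1" "$2"
fi
```

Calling demo prints the ssh-bruteforce mismatch and returns 1; once the cron job uses "-t bruteforce" the check is silent and returns 0.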