>> Ooops. Yes, -t bruteforce is correct. "expire 604800" means delete
>> entries after they've been in the table for that number of seconds (ie
>> after one week)
>>
>> Cheers,
>>
>> Matthew
>>
>> --
>> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
>> Flat 3
>> PGP:
http://www.infracaninophile.co.uk/pgpkey Ramsgate
>> JID:
matthew@infr... Kent, CT11 9PW
Dear Metthew,
first thanks for assisting to secure 22/25 ports from brute force attack.
i wish to consult if the following white list looks fine to exclude
trusted networks (own network)
int0="em0"
secured_attack_ports="{21,22,25}"
table <bruteforce> persist
block in log quick from <bruteforce>
pass in on $int0 proto tcp \
from any to $int0 port $secured_attack_ports \
flags S/SA keep state \
(max-src-conn-rate 5/300, overload <bruteforce> flush global)
## Exclude Own Netowrk From Brute-Force Rule ##
table <own_network> persist {71.221.25.0/24, 71.139.22.0/24}
pass in on $int0 proto tcp from <own_network> to any
OR
pass in on $int0 proto tcp from <own_network> to secured_attack_ports
Thanks / Regards
_______________________________________________
freebsd-stable@free... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "
freebsd-stable-unsubscribe@free..."
opensubscriber is not affiliated with the authors of this message nor responsible for its content.
Delicious
Digg
reddit
Facebook
StumbleUpon
