On 2009/11/24 13:26, Jordi Espasa Clofent wrote:
> Hi all,
>
> I use the next rule:
>
> # SSH brutes protection
> pass quick on $bridge inet proto tcp from any to $vlan10 port 22 keep state \
>         (max-src-conn 20, max-src-conn-rate 3/12, \
>         overload <ssh_brutes> flush global)
>
> with success. No problem, all works fine.
>
> I wonder if I can apply this type of rule to UDP connections (I try
> to protect some busy DNS servers)
no, there's no way to avoid spoofed requests with UDP. if someone sends a bunch of UDP packets spoofed from $BIG_ISP_RESOLVER's IP address, their legitimate requests will be blocked.
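For readers who want the quoted rule in context, here is a complete pf.conf fragment as an added example; it is not from either poster, and the macro values (interface name, VLAN subnet) are constructed placeholders. It pairs the TCP rule with the table and block rule it needs, and shows a plain stateful pass for DNS without an overload clause, for the reason given in the reply.

```pf
# Added example, not from the thread. Macro values are constructed placeholders.
bridge = "bridge0"
vlan10 = "10.0.10.0/24"

# Persistent table that survives rule reloads; sources that exceed the limits
# below are inserted here by the overload clause.
table <ssh_brutes> persist

# Block offenders first: a "pass quick" placed earlier would match before
# any block rule that follows it.
block in quick on $bridge from <ssh_brutes> to any

# SSH brutes protection. max-src-conn and max-src-conn-rate are TCP-only
# and count connections that completed the 3-way handshake, so a spoofed
# source address does not get counted against the limits.
pass quick on $bridge inet proto tcp from any to $vlan10 port 22 keep state \
        (max-src-conn 20, max-src-conn-rate 3/12, \
        overload <ssh_brutes> flush global)

# DNS: stateful pass with no overload table. UDP has no handshake, so a
# source-based overload table could be filled by packets spoofed from a
# legitimate resolver's address, and that resolver would then be blocked.
pass in quick on $bridge inet proto udp from any to $vlan10 port 53 keep state
```

Entries added by the overload clause stay in the table until removed; a periodic `pfctl -t ssh_brutes -T expire 86400` (run from cron, for instance) drops entries older than a day so a source that was blocked once is not blocked forever.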
