# SSH brutes protection
pass quick on $bridge inet proto tcp from any to $vlan10 port 22
keep state \
(max-src-conn 20, max-src-conn-rate 3/12, \
overload <ssh_brutes> flush global)
with success. No problem, all works fine.
I wonder if I can apply this type of rule to UDP connections (I am
trying to protect some busy DNS servers).
No, there's no way to avoid spoofed requests with UDP. If someone
sends a bunch of UDP packets spoofed from $BIG_ISP_RESOLVER's IP
address, their legitimate requests will be blocked.
I don't understand your response, Stuart.
I wonder if the mentioned rule (using max-src-conn and max-src-conn-rate)
is also applicable to UDP-based connections such as DNS.
So,
pass quick on $bridge inet proto udp from any to $vlan10 port 53
keep state \
(max-src-conn 30, max-src-conn-rate 2/1, \
overload <dns_brutes> flush global)
Will it work?
--
I must not fear. Fear is the mind-killer. Fear is the little-death that
brings total obliteration. I will face my fear. I will permit it to pass
over me and through me. And when it has gone past I will turn the inner
eye to see its path. Where the fear has gone there will be nothing. Only
I will remain.
Bene Gesserit Litany Against Fear.
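Added illustration of the point Stuart makes above, not code from the thread or from pf itself: a small Python model of a per-source "max-src-conn-rate N/S ... overload <table>" rule applied to UDP port 53 traffic. It assumes a simplified sliding-window reading of the rate check (pf uses a moving-average approximation), assumes a companion "block quick from <dns_brutes>" rule that the quoted snippet does not show, and uses a constructed packet trace with RFC 5737 documentation addresses. Because pf can only go by the source address in the UDP header, a burst of forged packets carrying a resolver's address trips the limit for that address and the resolver's genuine queries are dropped afterwards; the example measures that collateral damage.

```python
"""Model of pf's per-source rate limit plus overload table for a UDP rule.

This is an added, simplified model for the thread above, NOT pf's code:
max-src-conn-rate is approximated as "more than `limit` new states from one
source within any `seconds` window", and the overload table is assumed to be
referenced by a separate block rule.
"""
from collections import defaultdict, deque


class SrcRateLimiter:
    """Per-source 'new state' rate limit feeding an overload table."""

    def __init__(self, limit: int, seconds: float) -> None:
        self.limit = limit                      # N in max-src-conn-rate N/S
        self.seconds = seconds                  # S in max-src-conn-rate N/S
        self.table: set[str] = set()            # the <dns_brutes> table
        self._recent: dict[str, deque] = defaultdict(deque)

    def handle(self, ts: float, src: str) -> str:
        """Return 'pass' or 'block' for one packet from `src` at time `ts`."""
        if src in self.table:                   # block quick from <table>
            return "block"
        window = self._recent[src]
        window.append(ts)
        while ts - window[0] > self.seconds:    # drop events outside S
            window.popleft()
        if len(window) > self.limit:
            # overload <table>: the source is added to the table; with
            # 'flush global' its existing states are killed, and the packet
            # that tripped the limit gets no state either.
            self.table.add(src)
            self._recent.pop(src, None)
            return "block"
        return "pass"


# Constructed trace of (timestamp, source address, label). Addresses come
# from the RFC 5737 documentation ranges; they are not real hosts.
TRACE = [
    (0.0, "203.0.113.10", "resolver"),
    (1.0, "203.0.113.10", "resolver"),
    (1.5, "198.51.100.7", "client"),
    (2.0, "203.0.113.10", "resolver"),
    (3.0, "203.0.113.10", "resolver"),
    (4.0, "203.0.113.10", "resolver"),
    (4.1, "203.0.113.10", "forged"),   # packets whose header claims the
    (4.2, "203.0.113.10", "forged"),   # resolver's address; the filter has
    (4.3, "203.0.113.10", "forged"),   # nothing else to go on with UDP
    (5.0, "203.0.113.10", "resolver"),
    (6.0, "203.0.113.10", "resolver"),
    (6.5, "198.51.100.7", "client"),
]


def simulate(trace=TRACE, limit=2, seconds=1.0):
    """Run a trace through the limiter (defaults mirror 'max-src-conn-rate 2/1').

    Returns (verdicts, table): one (ts, src, label, verdict) tuple per packet
    and the final contents of the overload table.
    """
    limiter = SrcRateLimiter(limit, seconds)
    verdicts = [(ts, src, label, limiter.handle(ts, src))
                for ts, src, label in trace]
    return verdicts, limiter.table


def blocked_legit(verdicts):
    """Timestamps of genuine resolver queries dropped as collateral damage."""
    return [ts for ts, _, label, verdict in verdicts
            if label == "resolver" and verdict == "block"]


if __name__ == "__main__":
    verdicts, table = simulate()
    for ts, src, label, verdict in verdicts:
        print(f"t={ts:4.1f} {src:>14} {label:>8} -> {verdict}")
    print("overload table:", sorted(table))
    print("legitimate resolver queries dropped at:", blocked_legit(verdicts))
```

With the default 2/1 limit the three forged packets at t=4.1..4.3 push the resolver's address over the limit at t=4.2; from then on every genuine query from 203.0.113.10 is dropped while the unrelated client is untouched. Running the same trace without the burst (the first six entries) leaves the table empty, which is the behaviour one would want for the TCP case and cannot be guaranteed for UDP.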