Re: USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!
> On 16/06/2012 21:03, Shiv. Nath wrote:
>> Dear Matthew,
>
> Matthew, one a, one e.
>
>> first thanks for assisting to secure 22/25 ports from brute force attack.
>> I wish to consult if the following white list looks fine to exclude
>> trusted networks (own network):
>>
>>     int0="em0"
>>     secured_attack_ports="{21,22,25}"
>>
>>     table <bruteforce> persist
>>     block in log quick from <bruteforce>
>>     pass in on $int0 proto tcp \
>>         from any to $int0 port $secured_attack_ports \
>>         flags S/SA keep state \
>>         (max-src-conn-rate 5/300, overload <bruteforce> flush global)
>>
>>     ## Exclude Own Network From Brute-Force Rule ##
>>     # <trusted>: table name assumed; the original name was lost from the archive
>>     table <trusted> persist {71.221.25.0/24, 71.139.22.0/24}
>>     pass in on $int0 proto tcp from <trusted> to any port $secured_attack_ports
>
> But, yes, other than that it looks good. You want to move the table
> definitions up to the top of the file and, as you've shown, you want your
> network-specific rule after the more generic rate-limited accept rule:
> remember that (except for quick rules) it's the last matching rule in the
> ruleset that applies.
>
> Cheers,
>
> Matthew

Dear Matthew,

I am sorry for misspelling your name. Finally it is done with your
assistance. You have very good knowledge of PF because you are a gentleman
indeed. Sorry to trouble you too much.

Thanks / Thanks / Thanks / Thanks / Thanks / Thanks / Thanks / Thanks

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!
On 16/06/2012 21:03, Shiv. Nath wrote:
> Dear Metthew,

Matthew, one a, one e.

> first thanks for assisting to secure 22/25 ports from brute force attack.
> I wish to consult if the following white list looks fine to exclude
> trusted networks (own network):
>
>     int0="em0"
>     secured_attack_ports="{21,22,25}"
>
>     table <bruteforce> persist
>     block in log quick from <bruteforce>
>     pass in on $int0 proto tcp \
>         from any to $int0 port $secured_attack_ports \
>         flags S/SA keep state \
>         (max-src-conn-rate 5/300, overload <bruteforce> flush global)
>
>     ## Exclude Own Network From Brute-Force Rule ##
>     # <trusted>: table name assumed; the original name was lost from the archive
>     table <trusted> persist {71.221.25.0/24, 71.139.22.0/24}
>     pass in on $int0 proto tcp from <trusted> to any
>
> OR
>
>     pass in on $int0 proto tcp from <trusted> to secured_attack_ports
                                                   ^
                                                   $secured_attack_ports

You seem to have missed out a $ sign there.

But, yes, other than that it looks good. You want to move the table
definitions up to the top of the file and, as you've shown, you want your
network-specific rule after the more generic rate-limited accept rule:
remember that (except for quick rules) it's the last matching rule in the
ruleset that applies.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matt...@infracaninophile.co.uk               Kent, CT11 9PW
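Assembled here as an added example, not code posted by either participant: the rules from this thread in the order Matthew recommends, with both table definitions at the top of the file, the generic rate-limited accept rule next, and the trusted-network rule last so that it is the last match for those sources. The table name <trusted> is an assumption (the original name did not survive the archive); the interface, ports, prefixes and the bruteforce table name are the ones that appear in the thread.

```pf
# Added example, not the original poster's pf.conf. Table name <trusted>
# is assumed; the prefixes are the ones posted in the thread.
int0="em0"
secured_attack_ports="{21,22,25}"

# Tables first, so every later rule can reference them.
table <bruteforce> persist
table <trusted> persist {71.221.25.0/24, 71.139.22.0/24}

# Sources already in <bruteforce> are dropped; "quick" stops evaluation
# here, so no later pass rule can let them through.
block in log quick from <bruteforce>

# Generic rate-limited accept: more than 5 new connections from one source
# within 300 seconds adds that source to <bruteforce> and flushes all of
# its states ("flush global").
pass in on $int0 proto tcp \
    from any to $int0 port $secured_attack_ports \
    flags S/SA keep state \
    (max-src-conn-rate 5/300, overload <bruteforce> flush global)

# Trusted networks, placed last. Without "quick", the last matching rule
# decides, so for these sources this rule (which carries no
# max-src-conn-rate option) overrides the rate-limited one above.
pass in on $int0 proto tcp from <trusted> to any port $secured_attack_ports
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it. Because the trusted rule is the one that finally matches for those prefixes, its state options apply and they are never added to <bruteforce> by this ruleset; a trusted address that was already in the table, however, still hits the quick block rule until it is expired (the `pfctl -t bruteforce -T expire 604800` from earlier in the thread, run from cron) or removed with `pfctl -t bruteforce -T delete`.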
Re: USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!
>> Ooops. Yes, -t bruteforce is correct. "expire 604800" means delete
>> entries after they've been in the table for that number of seconds (ie
>> after one week)
>>
>> Cheers,
>>
>> Matthew
>>
>> -- 
>> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>>                                                   Flat 3
>> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
>> JID: matt...@infracaninophile.co.uk               Kent, CT11 9PW

Dear Metthew,

first thanks for assisting to secure 22/25 ports from brute force attack.
I wish to consult if the following white list looks fine to exclude
trusted networks (own network):

    int0="em0"
    secured_attack_ports="{21,22,25}"

    table <bruteforce> persist
    block in log quick from <bruteforce>
    pass in on $int0 proto tcp \
        from any to $int0 port $secured_attack_ports \
        flags S/SA keep state \
        (max-src-conn-rate 5/300, overload <bruteforce> flush global)

    ## Exclude Own Network From Brute-Force Rule ##
    # <trusted>: table name assumed; the original name was lost from the archive
    table <trusted> persist {71.221.25.0/24, 71.139.22.0/24}
    pass in on $int0 proto tcp from <trusted> to any

OR

    pass in on $int0 proto tcp from <trusted> to secured_attack_ports

Thanks / Regards