DragonFly BSD
DragonFly bugs List (threaded) for 2006-09
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Another panic in 1.6.x


From: Gergo Szakal <bastyaelvtars@xxxxxxxxx>
Date: Sat, 09 Sep 2006 12:17:35 +0200

Petr Janda wrote:
My pf.conf is just a simple one:

ext_if="fxp0"

table <ssh-bruteforce>
block drop in quick on $ext_if from <ssh-bruteforce>

block in
pass out keep state

pass quick on { lo }
antispoof quick for { lo, fxp0 }

#pass in on $ext_if proto tcp to ($ext_if) port ssh \
#       flags S/SA keep state \
#       (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)

pass in on $ext_if proto tcp to ($ext_if) port { ssh, smtp, imap, http, domain } keep state
pass in on $ext_if proto udp to ($ext_if) port { domain } keep state


The commented section blocks script kiddies, unfortunately it doesnt work in our PF version. Hence why its commented.


Don't you have any configuration section at all? (directives starting with set)




[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]