> On Wednesday, 26.07.2006, at 18:38 -0700, krt wrote:
> > You can do a connection limit on a rule with a specific proto/port, i.e.
> > simultaneous client connection limit/max state entries per host/max new
> > connections per second.
> Yes, I know that already. Take a look at the created rulebase and you'll
> notice that every attempt to connect to any service from the blocked IP
> address (blocked because of the connection limit) will be blocked by
> pfSense. What I suggested was to block only connection attempts to the
> service that caused the blocking (just like netfilter does), not to all
> services or every host behind pfSense at all. Bill has implemented
> tables, so this might be a reasonable way to go.
>
> BR,
> PIT
As a lot of viruses try to send email, I have blocked outbound SMTP from all machines but those on my mailserver list. I have been thinking for some time that I should look at twist or similar to report blocked mail sending attempts. I would also like to block the offending machine entirely from the outside world and redirect HTTP to a "Get help" page. Another alarm bell would be machines looking for MS-SQL servers. Is this the sort of thing that would be useful?

> ---------------------------------------------------------------------------
> copyleft(c) by | /* * Buddy system. Hairy. You really aren't
> Peter Allgeyer | _-_ expected to understand this * */ --
>                | 0(o_o)0 From /usr/src/linux/mm/page_alloc.c
> ---------------oOO--(_)--OOo-----------------------------------------------
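A pf.conf sketch of the setup this reply describes, added here as an illustration; it is neither the poster's own rules nor anything pfSense generates. Interface names, the help-page server, the mail server addresses and the rate thresholds are assumed values. The SMTP rule drops and logs direct-send attempts from unlisted hosts (pflog is where a reporting tool would pick them up), and the MS-SQL rule uses pf's overload option so that only the probing host lands in a table; that table then drives both the full block and the HTTP redirect to the help page.

```pf
# Added example, not from the thread. Names and addresses are assumed.
int_if   = "em1"             # LAN side
ext_if   = "em0"             # Internet side
help_srv = "192.168.1.5"     # web server holding the "Get help" page

# Hosts permitted to speak SMTP to the outside (constructed list)
table <mailservers> { 192.168.1.25, 192.168.1.26 }

# Hosts quarantined for probing MS-SQL; filled by overload, emptied with
#   pfctl -t quarantine -T flush      (or -T expire 3600 from cron)
table <quarantine> persist

# Translation precedes filtering in pf.conf. A quarantined host's web
# requests go to the help page instead of the Internet.
rdr on $int_if proto tcp from <quarantine> to any port 80 -> $help_srv port 80

# If $help_srv sits on the same LAN segment as the clients, its replies
# would bypass the firewall; source-NAT the redirected flow so they return
# through pf and get untranslated.
nat on $int_if proto tcp from <quarantine> to $help_srv port 80 -> ($int_if)

# Default LAN policy: drop and log, then allow the LAN out.
block in log on $int_if all
pass in on $int_if from $int_if:network to any keep state

# Outbound SMTP: only listed mail servers may deliver directly. Other
# attempts are dropped and logged; watch them with
#   tcpdump -n -e -ttt -i pflog0 port 25
block in log on $int_if proto tcp from ! <mailservers> to any port 25

# MS-SQL probing: a LAN host opening more than 3 connections to port 1433
# within 60 s is added to <quarantine> and all of its states are killed.
pass in on $int_if proto tcp from any to any port 1433 \
    keep state (max-src-conn-rate 3/60, overload <quarantine> flush global)

# Quarantined hosts lose everything except the help page. pf is last-match,
# so these rules override the pass rules above.
block in log on $int_if from <quarantine> to any
pass in on $int_if proto tcp from <quarantine> to $help_srv port 80 keep state
```

The last two rules implement the "block the offending machine entirely" behaviour asked for here. The per-service variant PIT argues for above is the same table matched only in the rule for the triggering port, for example `block in on $int_if proto tcp from <quarantine> to any port 1433`, leaving the catch-all block out. Either way the table, not the rule that filled it, decides the scope of the block, which is why tables are the natural fit for this.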