> Am Mittwoch, den 26.07.2006, 18:38 -0700 schrieb krt:
> > You can do a connection limit on a rule with a specific
> proto/port, i.e.
> > simultaneous client connection limit/max state entries per host/max new
> > connections per second.
> Yes I know that already. Take a look at the created rulebase and you'll
> notice, that every attempt to connect to any service from the blocked IP
> address (blocked because of the connection limit) will be blocked by
> pfSense. What I suggested was to block only connection attempts to the
> service that caused the blocking (just like netfilter does), not to all
> services or every hosts behind pfSense at all. Bill has implemented
> tables, so this might be a reasonable way to go.
> BR,
>   PIT

As a lot of viruses try to send email I have blocked outbound SMTP from
all machines but those on my mailserver list. I have been thinking for
some time that I should look at twist or similar to report blocked mail
sending attempts. I would also like to block the offending machine entirely
from the outside world and redirect HTTP to a "Get help" page.

Another alarm bell would be machines looking for MS-SQL servers

Is this the sort of thing that would be useful?

> ------------------------------------------------------------------
> ---------
>  copyleft(c) by |           /*  * Buddy system. Hairy. You really aren't
>  Peter Allgeyer |   _-_     expected to understand this  *  */   --
>                 | 0(o_o)0   From /usr/src/linux/mm/page_alloc.cA
> ---------------oOO--(_)--OOo--------------------------------------
> ---------

Reply via email to