Aflatoon Aflatooni wrote:

I have the following in my pf.conf:

# Public Services --  smtp, http, pop3s
tcpPubServices = "{ 25, 80, 995 }"
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set limit { states 10000, frags 5000 }
#set loginterface none
set optimization normal
set block-policy drop
#set require-order yes
#set fingerprints "/etc/pf.os"
set skip on lo0
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all

pass out all
block in log all
table <sshBruteForce> { }

^^^ this needs to be 'table <sshBruteForce> persist' or the OS will delete it
   if it's empty.

block in quick from <sshBruteForce> to any
pass in on $ext_if inet proto tcp from any to any port $tcpPubServices flags S/SA synproxy state
pass in on $ext_if inet proto tcp from any to any port ssh modulate state (source-track rule max-src-nodes 8 max-src-conn 8 max-src-conn-rate 3/60 overload <sshBruteForce> flush global)

And I have tried making a lot of ssh connections to the box and killing them
with ctrl-c or a bad password, but nothing gets added to the table. There isn't
anything in the log either. How would I go about figuring out what is wrong?

Usually if you leave your machine connected to the internet, some awfully
helpful people in China or some other far off place will test it for you
within a day or so...
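
Added example (not part of the original thread and not pf's own code): a small Python model of what `max-src-conn-rate 3/60 overload <sshBruteForce>` should do with test traffic, as a baseline to compare against when the table stays empty. The decaying-counter arithmetic, the function names and the sample addresses are assumptions; pf.conf(5) describes the rate as an approximate moving average and applies these limits to connections that have completed the TCP handshake.

```python
# Model of "max-src-conn-rate 3/60 overload <sshBruteForce>" from the rule above.
# Assumption: the rate is tracked as a linearly decaying fixed-point counter.

SCALE = 1000  # fixed-point multiplier so the decay works in integer arithmetic


class SourceRate:
    """Per-source tracker for a limit of `limit` connections per `seconds`."""

    def __init__(self, limit, seconds):
        self.limit = limit * SCALE
        self.seconds = seconds
        self.count = 0
        self.last = None

    def add(self, now):
        """Record one completed handshake at `now`; True if over the limit."""
        if self.last is None or now - self.last >= self.seconds:
            self.count = 0  # window fully elapsed, start over
        else:
            self.count -= self.count * (now - self.last) // self.seconds
        self.count += SCALE
        self.last = now
        return self.count > self.limit


def simulate(events, limit=3, seconds=60):
    """events: (time, source_ip, handshake_completed) tuples.
    Returns the modelled overload table as {source_ip: time_added}."""
    trackers, table = {}, {}
    for now, src, completed in sorted(events):
        if src in table:
            continue  # 'block in quick from <sshBruteForce>' drops these
        if not completed:
            continue  # only established TCP connections are counted
        tracker = trackers.setdefault(src, SourceRate(limit, seconds))
        if tracker.add(now):
            table[src] = now
    return table


# Constructed sample traffic (documentation addresses, times in seconds).
EVENTS = (
    [(t, "198.51.100.7", True) for t in range(4)]         # 4 logins in 4 s
    + [(t * 30, "203.0.113.5", True) for t in range(20)]  # one every 30 s
    + [(t, "192.0.2.9", False) for t in range(10)]        # handshake never completes
)

if __name__ == "__main__":
    print(simulate(EVENTS))
```

In this model the fourth completed connection within a few seconds puts the source in the table, so a test that completes at least that many handshakes against the ssh rule and still leaves the table empty points at the ruleset rather than at the thresholds.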



