Hi
>From time to time I have some attacks to my SIP PBX. I like to block them on
my OpenBSD
box which stands in front of it. The problem I'm facing is that the attackers
IP has already
a state in the state table and the block rule I insert simply does nothing.
In the state table I see the following:
all udp my_ip:5060 <- attacker_ip:5231 MULTIPLE:MULTIPLE
all udp attacker_ip:5231 -> my_ip:5060 MULTIPLE:MULTIPLE
in /etc/pf.conf at the top I have the following
table <badguys> {attacker_ip}
block out quick to {<badguys>}
block in quick from {<badguys>}
After clearing all states with pfctl -F states the connection is blocked.
Is there a way to:
- clear a single state?
- to block a packet even with a established state ?
Regards
Matthias
--
Matthias Cramer, Erachfeldstrasse 1b, CH-8180 Bülach
http://www.freestone.net
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
