On 20/12/2018 13:20, tors...@cnc-london.net wrote:
> Try to add below to your pf.conf
> table <bruteforce> persist
> block quick from <bruteforce>
> pass in on $ext_if inet proto tcp from any to $ext_if port 1194 \
>     keep state (max-src-conn 10, max-src-conn-rate 30/5, \
>     overload <bruteforce> flush global)
This is pretty much exactly what I have for ssh scanners (with different
limits). Aha!
On 20/12/2018 13:20, pe...@bsdly.net wrote:
> The good thing about the pf.conf state tracking options is that they're
> service agnostic.
That's the bit I wasn't entirely sure about - thanks. Makes sense now -
of course! It's nothing to do with service, just connections. D'oh!
I now have a cunning plan, a plan so cunning etc etc. Thanks to all who
responded, on- and off-list.
Steve
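A toy model of the two per-source limits in the rule above (max-src-conn and max-src-conn-rate) and of the overload table they feed, added here as an illustration; it is not pf's code nor anything posted in the thread, and the addresses, timings and connection patterns are constructed. It is keyed on source address only, which is the "service agnostic" point: the destination port never enters the decision.

```python
from collections import defaultdict, deque


class OverloadTracker:
    """Simplified model of pf state-tracking options (not pf's real logic).

    max-src-conn N      : at most N concurrent states per source address.
    max-src-conn-rate C/S: at most C new states per source within S seconds.
    Exceeding either puts the source in the overload table and, as with
    'flush global', drops all of that source's existing states.
    """

    def __init__(self, max_src_conn=10, rate_count=30, rate_seconds=5):
        self.max_src_conn = max_src_conn
        self.rate_count = rate_count
        self.rate_seconds = rate_seconds
        self.open_states = defaultdict(int)   # src -> current state count
        self.recent = defaultdict(deque)      # src -> timestamps of new states
        self.table = set()                    # the <bruteforce> table

    def new_connection(self, src, now):
        """Return True if the new state is created, False if blocked."""
        if src in self.table:                 # 'block quick from <bruteforce>'
            return False
        window = self.recent[src]
        while window and now - window[0] >= self.rate_seconds:
            window.popleft()                  # slide the rate window
        window.append(now)
        self.open_states[src] += 1
        if self.open_states[src] > self.max_src_conn or len(window) > self.rate_count:
            self.table.add(src)               # overload <bruteforce>
            self.open_states[src] = 0         # flush global
            window.clear()
            return False
        return True

    def close_connection(self, src):
        if self.open_states[src] > 0:
            self.open_states[src] -= 1


def simulate():
    """Two constructed scenarios; returns the per-attempt pass/block results."""
    slow = OverloadTracker()   # 12 sessions held open: 11th trips max-src-conn
    held = [slow.new_connection("203.0.113.5", i * 0.5) for i in range(12)]
    fast = OverloadTracker()   # 40 short attempts in 2s: 31st trips the rate limit
    burst = []
    for i in range(40):
        burst.append(fast.new_connection("198.51.100.9", i * 0.05))
        fast.close_connection("198.51.100.9")
    return held, burst
```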