On 2012-09-25, Ed D. <[email protected]> wrote:
> Hi,
> I just upgraded to OpenBSD 5.2 current
> amd64 9/24/2012 version.
> I was previously running the 9/4/2012 version.
>
> Suddenly I notice the port 22 brute force
> protection in my pf.conf isn't working.
>
> I'm using the same statement in my pf.conf
> file that I've used for months.
>
> Has something changed recently with regard
> to the "overload" "flush global" commands?
>
> Here's what I was running that has worked up til
> now.
>
> table <bruteforce_ips> persist
>
> pass in quick log on egress inet proto tcp from any to any port ssh \
>     flags S/SA keep state \
>     (max-src-conn-rate 3/30, overload <bruteforce_ips> flush global)
>
> Where before any attempted connection that exceeded
> 3 times in 30 seconds to port 22 would put the IP address
> in <bruteforce_ips>, now nothing ever gets put in it.
>
> Has something changed in the recent past that is causing this?
> Thanks, Ed
I don't see that problem with a kernel from 24 Sept. Are you certain that the packets are hitting the rule you think they are? I would look at "tcpdump -nevvipflog0", check the rule number against pfctl -sr -R <number> and make sure it's the one you think it is. Also make sure that the ruleset did load at all, N.B. "pf enforces 'frags' limit" in http://www.openbsd.org/faq/current.html#20120920
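As an added example that is not part of the thread or of OpenBSD itself, the reply's two checks (is the ssh rule actually matching packets, and is the overload table being filled?) written up as a small POSIX shell script. The rule text and the table name <bruteforce_ips> come from Ed's pf.conf; the sample `pfctl -vsr` and `pfctl -t ... -T show` output is constructed for offline use and assumes the usual OpenBSD layout in which each rule is followed by a `[ Evaluations: ... Packets: ... ]` counter line. The live check at the end only runs where pfctl exists and you are root.

```shell
#!/bin/sh
# Added example, not from the original thread. It turns the reply's
# troubleshooting advice into two checks: does the ssh rule match packets
# at all, and is the overload table being populated? Rule text and table
# name are taken from Ed's pf.conf; all sample pfctl output is constructed.

# Packet counter of the first rule whose text matches the pattern in $1,
# parsed from "pfctl -vsr" output on stdin (the "[ Evaluations: ... Packets: ... ]"
# line that follows each rule). Prints nothing if no such rule is present.
rule_packets() {
    awk -v pat="$1" '
        $0 ~ pat            { found = 1; next }
        found && /Packets:/ { sub(/.*Packets:[ \t]*/, ""); sub(/[ \t].*/, ""); print; exit }
    '
}

# Number of addresses listed by "pfctl -t <table> -T show" on stdin.
table_entries() {
    awk '/^[[:space:]]*[0-9a-fA-F.:]/ { n++ } END { print n + 0 }'
}

# One-line verdict from the two counters, following the reply's reasoning:
# no packets means the traffic is not reaching this rule; packets but an
# empty table means the rule matches but the overload never triggers.
verdict() {
    packets="${1:-0}"; entries="${2:-0}"
    if [ "$packets" -eq 0 ]; then
        echo "rule never matched: confirm the rule number with pfctl -sr -R <number> and watch tcpdump -n -e -vv -i pflog0"
    elif [ "$entries" -eq 0 ]; then
        echo "rule matched but table empty: check that the ruleset loaded and that the 3/30 rate is really exceeded"
    else
        echo "working: $entries address(es) in table"
    fi
}

# Constructed sample of "pfctl -vsr" output: a block rule, then Ed's ssh rule.
SAMPLE_RULES='@0 block drop in all
  [ Evaluations: 5000      Packets: 300       Bytes: 18000       States: 0     ]
@1 pass in quick log on egress inet proto tcp from any to any port = 22 flags S/SA keep state (source-track rule, max-src-conn-rate 3/30, overload <bruteforce_ips> flush global)
  [ Evaluations: 1200      Packets: 56        Bytes: 4480        States: 1     ]
  [ Inserted: uid 0 pid 11111 State Creations: 4     ]'

# Constructed sample of "pfctl -t bruteforce_ips -T show" output (documentation addresses).
SAMPLE_TABLE='   192.0.2.10
   198.51.100.7'

# Offline demonstration on the constructed samples.
pkts=$(printf '%s\n' "$SAMPLE_RULES" | rule_packets 'overload <bruteforce_ips>')
ents=$(printf '%s\n' "$SAMPLE_TABLE" | table_entries)
echo "sample: packets=$pkts entries=$ents -> $(verdict "$pkts" "$ents")"

# Live check, only where pfctl exists (run as root on the OpenBSD box).
if command -v pfctl >/dev/null 2>&1; then
    pkts=$(pfctl -vsr 2>/dev/null | rule_packets 'overload <bruteforce_ips>')
    ents=$(pfctl -t bruteforce_ips -T show 2>/dev/null | table_entries)
    echo "live: packets=${pkts:-0} entries=$ents -> $(verdict "$pkts" "$ents")"
fi
```

The split into "packets hit the rule" and "table has entries" mirrors the reply: a zero packet counter points at the traffic never reaching that rule (wrong interface, an earlier quick rule, or a ruleset that failed to load), while a non-zero counter with an empty table points at the overload condition itself.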
