Hi All,
        After a DoS attack started against a djbdns server I run on
OpenBSD-current earlier this week, I started attempting to use the
"overload" keyword in an attempt to mitigate the issue.

So I inserted the following in pf.conf, and while it loads, it doesn't
seem to work, i.e. pfctl -Tshow -t bruteforce is empty.




table <bruteforce> persist


block quick from <bruteforce>
block in log


pass inet proto udp from any to port 53 \
         keep state \
        (max-src-conn 15, max-src-conn-rate 5/15, \
         overload <bruteforce> flush global)




Any ideas from the list? (I noticed all the official examples were of
TCP and didn't notice ICMP or UDP in any example claimed to be working.)

Does the overload keyword apply only to TCP or is there something I am
NOT understanding here about UDP and pf?



     thanx all in advance

     gwen
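Added example, not part of the original post: pf.conf(5) defines max-src-conn and max-src-conn-rate in terms of TCP connections that have completed the 3-way handshake, so on a UDP rule those counters never trip and the overload table stays empty. The fragment below keeps the poster's table and block rules, applies overload to TCP/53 only, and uses per-source state limits on UDP/53; the limit values are the poster's numbers reused as placeholders, not tuned recommendations.

```pf
# Added example (not from the original post). Values are placeholders.
table <bruteforce> persist

block quick from <bruteforce>
block in log

# TCP/53: overload works here, because max-src-conn and
# max-src-conn-rate only count TCP connections that have
# completed the 3-way handshake.
pass in inet proto tcp from any to any port 53 \
        keep state \
        (max-src-conn 15, max-src-conn-rate 5/15, \
         overload <bruteforce> flush global)

# UDP/53: there is no handshake, so the connection counters above
# are never incremented and overload is never triggered.
# Cap the number of states a single source address may hold instead.
# Packets that would exceed the cap are dropped, but the source is
# not added to any table.
pass in inet proto udp from any to any port 53 \
        keep state \
        (source-track rule, max-src-states 15)
```

Because UDP source addresses can be spoofed, a limit that drops excess states is safer than automatic table-based blocking, which could be steered into blocking legitimate resolvers. `pfctl -s Sources` lists the tracked source entries, which shows whether the UDP limit is being hit.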