Hi All,
        after a DoS attack started against a djbdns server I run on
OpenBSD-current earlier this week I started attempting to use the
"overload" keyword, attempting to mitigate the issue.

So I inserted the following in pf.conf, and while it loads up it doesn't
seem to work, i.e. pfctl -Tshow -t bruteforce is empty




table <bruteforce> persist


block quick from <bruteforce>
block in log


pass inet proto udp from any to port 53 \
         keep state \
        (max-src-conn 15, max-src-conn-rate 5/15, \
         overload <bruteforce> flush global)




Any ideas from the list (I noticed all the official examples were of
TCP and didn't notice ICMP or UDP in any example claimed to be working)?

Does the overload keyword apply only to TCP or is there something I am
NOT understanding here about UDP and pf?



     Thanks all in advance

     gwen