Robert Mortimer wrote:
On Wednesday, 26.07.2006, 18:38 -0700, krt wrote:
You can do a connection limit on a rule with a specific proto/port, i.e.
simultaneous client connection limit/max state entries per host/max new
connections per second.
Yes I know that already. Take a look at the created rulebase and you'll
notice that every attempt to connect to any service from the blocked IP
address (blocked because of the connection limit) will be blocked by
pfSense. What I suggested was to block only connection attempts to the
service that caused the blocking (just like netfilter does), not to all
services or every host behind pfSense at all. Bill has implemented
tables, so this might be a reasonable way to go.

BR,
  PIT


As a lot of viruses try to send email I have blocked outbound SMTP from
all machines but those on my mailserver list. I have been thinking for
some time that I should look at twist or similar to report blocked mail
sending attempts. I would also like to block the offending machine entirely
from the outside world and redirect HTTP to a "Get help" page.

Another alarm bell would be machines looking for MS-SQL servers.

Is this the sort of thing that would be useful?

------------------------------------------------------------------------
 copyleft(c) by |           /*  * Buddy system. Hairy. You really aren't
 Peter Allgeyer |   _-_     expected to understand this  *  */   --
                | 0(o_o)0   From /usr/src/linux/mm/page_alloc.c
---------------oOO--(_)--OOo-------------------------------------------
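Sketch of what the two ideas above look like in pf.conf terms: an overload table that cuts the offending host off only from the service that tripped the limit (PIT's point about per-service blocking), and Robert's outbound-SMTP restriction with the HTTP redirect to a help page. This is an added illustration, not configuration from the thread or from pfSense; the interface names, addresses, thresholds and table names are assumptions.

```pf
# Added example pf.conf fragment; interface names, addresses and table names
# are assumptions, not values from the thread.
ext_if = "em0"
int_if = "em1"
help_page = "192.0.2.80"          # assumed web server hosting the "Get help" page

table <mailservers> { 192.0.2.10, 192.0.2.11 }   # assumed hosts allowed to send mail
table <smtp_abusers> persist                     # filled by overload or by pfctl

# Translation rules come before filter rules in pf.conf. While a host is in
# <smtp_abusers>, its web traffic is redirected to the help page.
rdr on $int_if proto tcp from <smtp_abusers> to any port 80 -> $help_page port 80

# Coarse version (what the generated rulebase does): the overloaded host
# loses access to every service, which is what PIT objects to.
# block in quick on $ext_if from <smtp_abusers> to any

# Per-service version: the offending host is only refused the service that
# tripped the limit, comparable to a per-rule limit in netfilter.
block in log quick on $ext_if proto tcp from <smtp_abusers> to any port 25

# Inbound SMTP with state-based limits. A source that holds more than 50
# states or opens more than 15 connections in 5 seconds is added to
# <smtp_abusers> and its existing states are killed (flush global).
pass in on $ext_if proto tcp from any to $ext_if port 25 keep state \
    (max-src-conn 50, max-src-conn-rate 15/5, overload <smtp_abusers> flush global)

# Outbound: only listed mail servers may send mail. Everything else is
# logged to pflog; a block rule cannot add the source to a table by itself,
# so a log watcher (the twist-style reporter mentioned above) would run
#   pfctl -t smtp_abusers -T add <address>
# for each offender it sees.
pass out on $ext_if proto tcp from <mailservers> to any port 25 keep state
block out log quick on $ext_if proto tcp from ! <mailservers> to any port 25

# Let redirected hosts actually reach the help page.
pass in on $int_if proto tcp from <smtp_abusers> to $help_page port 80 keep state
```

Because the overload table persists, an operator reviews it with `pfctl -t smtp_abusers -T show` and releases a cleaned machine with `pfctl -t smtp_abusers -T delete <address>`; the `log` keyword on the block rules is what makes the blocked attempts visible on pflog0 for reporting.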
Have you ever checked out Netsquid? The concept is pretty cool *if* set up right. http://netsquid.tamu.edu/details.html

Besides the part that it requires iptables, Netsquid could have been something for pfSense 2.0 or 3.0.

--
Thomas Øksnes
System Administrator \ö/
Opera Software ASA   />
