Re: USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!

2012-06-17 Thread Shiv. Nath

On 16/06/2012 21:03, Shiv. Nath wrote:

Dear Matthew,

Matthew, one a, one e.

first thanks for assisting to secure 22/25 ports from brute force
attack.
i wish to consult if the following white list looks fine to exclude
trusted networks (own network)


int0=em0
secured_attack_ports="{21,22,25}"

table <bruteforce> persist
block in log quick from <bruteforce>
pass in on $int0 proto tcp \
from any to $int0 port $secured_attack_ports \
flags S/SA keep state \
(max-src-conn-rate 5/300, overload <bruteforce> flush global)


## Exclude Own Network From Brute-Force Rule ##

table <own_network> persist {71.221.25.0/24, 71.139.22.0/24}

pass in on $int0 proto tcp from <own_network> to any port $secured_attack_ports

But, yes, other than that it looks good.  You want to move
the table definitions up to the top of the file and as you've shown, you
want your network specific rule after the more generic rate-limited
accept rule: remember that (except for quick rules) it's the last
matching rule in the ruleset that applies.

Cheers, Matthew


Dear Matthew,

I am sorry for misspelling your name. Finally it is done with your
assistance. You have very good knowledge of PF because you are a gentleman
indeed. Sorry to trouble you too much.

Thanks / Thanks / Thanks / Thanks / Thanks /Thanks / Thanks  / Thanks


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org


Re: USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!

2012-06-16 Thread Shiv. Nath

 Ooops.  Yes, -t bruteforce is correct.  expire 604800 means delete
 entries after they've been in the table for that number of seconds (i.e.
 after one week)

  Cheers,

  Matthew

 --
 Dr Matthew J Seaman MA, D.Phil.
 7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
 PGP: http://www.infracaninophile.co.uk/pgpkey
 JID: matt...@infracaninophile.co.uk


Dear Metthew,

first thanks for assisting to secure 22/25 ports from brute force attack.
i wish to consult if the following white list looks fine to exclude
trusted networks (own network)



int0=em0
secured_attack_ports="{21,22,25}"

table <bruteforce> persist
block in log quick from <bruteforce>
pass in on $int0 proto tcp \
from any to $int0 port $secured_attack_ports \
flags S/SA keep state \
(max-src-conn-rate 5/300, overload <bruteforce> flush global)


## Exclude Own Network From Brute-Force Rule ##

table <own_network> persist {71.221.25.0/24, 71.139.22.0/24}
pass in on $int0 proto tcp from <own_network> to any

OR

pass in on $int0 proto tcp from <own_network> to any port $secured_attack_ports

Thanks / Regards





Re: USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!

2012-06-16 Thread Matthew Seaman
On 16/06/2012 21:03, Shiv. Nath wrote:
 Dear Metthew,

Matthew, one a, one e.

 first thanks for assisting to secure 22/25 ports from brute force attack.
 i wish to consult if the following white list looks fine to exclude
 trusted networks (own network)
 
 
 
 int0=em0
 secured_attack_ports="{21,22,25}"
 
 table <bruteforce> persist
 block in log quick from <bruteforce>
 pass in on $int0 proto tcp \
 from any to $int0 port $secured_attack_ports \
 flags S/SA keep state \
 (max-src-conn-rate 5/300, overload <bruteforce> flush global)
 
 
 ## Exclude Own Network From Brute-Force Rule ##
 
 table <own_network> persist {71.221.25.0/24, 71.139.22.0/24}
 pass in on $int0 proto tcp from <own_network> to any
 
 OR
 
 pass in on $int0 proto tcp from own_network to secured_attack_ports
   ^
   $secured_attack_ports
You seem to have missed out a $ sign there.

But, yes, other than that it looks good.  You want to move
the table definitions up to the top of the file and as you've shown, you
want your network specific rule after the more generic rate-limited
accept rule: remember that (except for quick rules) it's the last
matching rule in the ruleset that applies.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matt...@infracaninophile.co.uk
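The behaviour the thread settles on (a max-src-conn-rate 5/300 limit whose offenders land in an overload table, an own-network whitelist that wins because it is the last matching rule, and a 604800-second table expiry as set with "pfctl -t bruteforce -T expire 604800") can be checked in a small simulation before it is trusted on a live mail host. The following Python is an added example written for this page, not code from the list posts or from PF itself; the limits, ports and networks are taken from the quoted pf.conf, the connection events are constructed inline, and the class name BruteForceTable is an invented name for the simulator.

```python
"""Added example: simulate the PF rate-limit / overload / whitelist logic
from the thread on a sequence of constructed TCP SYN events.

Assumptions (from the posted pf.conf and Matthew's reply):
  max-src-conn-rate 5/300      -> more than 5 new connections in 300 s
  overload <bruteforce>        -> offending source address goes into the table
  block in log quick from <bruteforce>
  pass ... from <own_network>  -> own networks never hit the rate limit
  pfctl -t bruteforce -T expire 604800 -> entries dropped after one week
"""
import ipaddress
from collections import defaultdict, deque

RATE_LIMIT = 5            # max-src-conn-rate 5/300 (connections)
RATE_WINDOW = 300         # max-src-conn-rate 5/300 (seconds)
EXPIRE_SECONDS = 604800   # expire 604800 from the thread (one week)
PROTECTED_PORTS = {21, 22, 25}   # $secured_attack_ports
OWN_NETWORKS = [ipaddress.ip_network(n)
                for n in ("71.221.25.0/24", "71.139.22.0/24")]  # <own_network>


class BruteForceTable:
    """Hypothetical simulator of the <bruteforce> overload table."""

    def __init__(self):
        self.entries = {}                  # src address -> time it was overloaded
        self.recent = defaultdict(deque)   # src address -> SYN timestamps in window

    @staticmethod
    def is_own_network(src):
        return any(ipaddress.ip_address(src) in net for net in OWN_NETWORKS)

    def expire(self, now):
        """What 'pfctl -t bruteforce -T expire 604800' does from cron."""
        for ip, added in list(self.entries.items()):
            if now - added >= EXPIRE_SECONDS:
                del self.entries[ip]

    def decide(self, now, src, dport):
        """Return 'block', 'pass' or 'unmatched' for one new SYN at time `now`."""
        self.expire(now)
        if src in self.entries:
            return "block"        # block in log quick from <bruteforce>
        if dport not in PROTECTED_PORTS:
            return "unmatched"    # none of the quoted rules apply to this port
        if self.is_own_network(src):
            return "pass"         # whitelist rule is last match, so it wins
        window = self.recent[src]
        window.append(now)
        while window and now - window[0] > RATE_WINDOW:
            window.popleft()      # sliding 300 s window of new connections
        if len(window) > RATE_LIMIT:
            self.entries[src] = now   # overload <bruteforce> ...
            del self.recent[src]      # ... flush global: forget its states
            return "block"
        return "pass"             # pass ... keep state


def replay(events):
    """Run constructed (time, src, dport) events through one table."""
    table = BruteForceTable()
    return [table.decide(t, src, port) for t, src, port in events]


if __name__ == "__main__":
    # Constructed sample: one outside host hammering SMTP, one own-network host.
    sample = [(i * 10, "203.0.113.7", 25) for i in range(6)]
    sample += [(100, "71.221.25.10", 22)] * 10
    for ev, verdict in zip(sample, replay(sample)):
        print(ev, "->", verdict)
```

The sixth SYN from the outside host inside the 300-second window is the one that trips the limit; every later packet from that address is dropped until the entry ages out a week later, while hosts in the two own networks are never counted at all, which is exactly why the whitelist rule has to sit after the rate-limited pass rule.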
