On Mon, 2010-10-04 at 00:56 -0400, Chris Buechler wrote:
> On Fri, Oct 1, 2010 at 12:07 PM, Gerald Waugh
> <[email protected]> wrote:
> >
> > We use ipt-recent and limit rules in iptables on our servers
> > It's a pain editing rules for each server.
> >
>
> You might want to explain what those actually do, most of us are BSD
> experts and don't work with Linux.
>
> > We do have a pfsense firewall on the frontend
> > Is there a way to implement rate/limit rules in pfsense?
> >
>
> Maybe, see the advanced options on rules, or explain what those
> iptables options do.
>
The iptables 'recent and limit' rules limit the number of accesses within a set time.
i.e.

iptables -N SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
iptables -A SSHSCAN -m recent --set --name SSH
iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP

1st line creates a table SSHSCAN
2nd line defines ssh port 22 with state NEW
3rd line sets up 'recent' with name SSH
4th line 'update' count in SSH, sets a 300 second time, and allows 3 accesses
to port 22 from a single IP address
If count is 3 or greater (during 300 seconds), further accesses are blocked

--
Gerald
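For readers coming to this thread looking for the pf side of the question, the following is an added pf.conf equivalent of the SSHSCAN rules above; it is not from the thread and not pfSense's own generated ruleset. The interface macro $ext_if, its value em0 and the table name <sshbrute> are assumptions; pfSense exposes the same max-src-conn-rate state option under a rule's advanced options.

```pf
# Added example: pf equivalent of the iptables 'recent' SSH limiter.
# Assumed names: $ext_if (WAN interface, em0 here) and table <sshbrute>.
ext_if = "em0"

# Table that collects source addresses exceeding the rate.
# 'persist' keeps the table even while no rule references it.
table <sshbrute> persist

# Drop anything already listed; 'quick' stops rule evaluation here.
block in quick on $ext_if from <sshbrute> to any

# Allow new SSH connections but track the rate of new states per source.
# max-src-conn-rate 3/300 permits at most 3 new connections per 300 s
# from one address; the 4th adds the address to <sshbrute>.
# 'flush global' also tears down that source's existing states, so an
# in-progress scan is cut off rather than allowed to finish.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 \
    flags S/SA keep state \
    (max-src-conn-rate 3/300, overload <sshbrute> flush global)

# Difference from the iptables rule: --update refreshes the 300 s timer
# on every further attempt, whereas <sshbrute> entries stay until removed.
# To expire entries older than 300 seconds (e.g. from cron):
#   pfctl -t sshbrute -T expire 300
```

Because the block rule matches before the pass rule, a listed source is dropped on every port, not only 22; narrow `block in quick ... from <sshbrute>` to `port 22` if SSH-only blocking is wanted.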
