Building the Network You Need with OpenBSD's PF: EuroBSDCon, St. Julian's, September 26th 2013
/etc/pf.conf
table <bruteforce> persist
block quick from <bruteforce>
pass inet proto tcp to $int_if:network port $tcp_services \
    keep state (max-src-conn 100, max-src-conn-rate 15/5, \
    overload <bruteforce> flush global)
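max-src-conn: maximum number of simultaneous connections from one host
max-src-conn-rate: rate of new connections, here 15 connections per 5 seconds
overload <bruteforce>: hosts that exceed either limit are added to the blocked table
flush global: kill all of the offender's existing connections, whichever rule created them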
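To see how the two limits catch different behaviour, the following added example (not part of the original slides, and not PF's kernel code) replays constructed connection events against a simplified model of the rule above. The sliding-window rate counter, the function names and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_SRC_CONN = 100               # max-src-conn 100
RATE_COUNT, RATE_SECS = 15, 5    # max-src-conn-rate 15/5

def simulate(events):
    """Replay (time, src, "open"|"close") events, sorted by time.

    Returns (bruteforce, dropped): the time each source entered the table
    and how many later connection attempts 'block quick' would have refused.
    """
    bruteforce = {}                  # models table <bruteforce>
    established = defaultdict(int)   # concurrent connections per source
    recent = defaultdict(deque)      # open times inside the rate window
    dropped = defaultdict(int)
    for t, src, kind in events:
        if src in bruteforce:        # block quick from <bruteforce>
            dropped[src] += kind == "open"
            continue
        if kind == "close":
            established[src] = max(0, established[src] - 1)
            continue
        window = recent[src]
        while window and t - window[0] >= RATE_SECS:
            window.popleft()         # forget opens older than 5 seconds
        window.append(t)
        established[src] += 1
        if established[src] > MAX_SRC_CONN or len(window) > RATE_COUNT:
            bruteforce[src] = t      # overload <bruteforce>
            established[src] = 0     # flush global: existing states die
            window.clear()
    return bruteforce, dict(dropped)

def sample_events():
    """Constructed traffic: a fast guesser, a slow hoarder, a normal client."""
    ev = [(i / 5, "198.51.100.7", "open") for i in range(20)]    # 5 per second
    ev += [(i, "203.0.113.5", "open") for i in range(101)]       # 1/s, never closed
    ev += [(2 * i, "192.0.2.10", "open") for i in range(20)]     # 1 per 2 s
    ev += [(2 * i + 1, "192.0.2.10", "close") for i in range(20)]
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    table, dropped = simulate(sample_events())
    for src, when in table.items():
        print(f"{src} overloaded at t={when}s, {dropped.get(src, 0)} later attempts blocked")
```

The fast source trips max-src-conn-rate on its 16th connection within 5 seconds, the slow source stays under the rate limit but trips max-src-conn on its 101st open connection, and the normal client never enters the table.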