Building the Network You Need with OpenBSD's PF: UKUUG, London November 26th, 2008
Prev		Next

Turning away the brutes: The rules

/etc/pf.conf

table <bruteforce> persist

block quick from <bruteforce>

pass inet proto tcp from any to $int_if:network port $tcp_services \
        flags S/SA keep state \
	(max-src-conn 100, max-src-conn-rate 15/5, \
         overload <bruteforce> flush global)

max-src-conn: # of connections from one host

max-src-conn-rate: rate of new connections: 15 connections per 5 seconds.

overload <bruteforce>: offenders go to the blocked table

flush global : kill all connections