Date: Sat, 16 Jun 2012 20:03:28 -0000
From: "Shiv. Nath" <prabhpal@digital-infotech.net>
To: prabhpal@digital-infotech.net
Cc: freebsd-stable@freebsd.org
Subject: Re: USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!
Message-ID: <69642fed4fe6d9fb794eaedf2557cd8f.squirrel@mail.digital-infotech.net>
In-Reply-To: <738cbc31aa2dce5787dc85cafb3d02a6.squirrel@mail.digital-infotech.net>
References: <4360846ab93b3a2b1968ee0f262cf148.squirrel@mail.digital-infotech.net> <4FDB6490.8080509@infracaninophile.co.uk> <98c09d7edf95e0e07910e7e5ce46accc.squirrel@mail.digital-infotech.net> <4FDB6CBD.6080900@infracaninophile.co.uk> <738cbc31aa2dce5787dc85cafb3d02a6.squirrel@mail.digital-infotech.net>

>> Ooops. Yes, -t bruteforce is correct. "expire 604800" means delete
>> entries after they've been in the table for that number of seconds (ie
>> after one week)
>>
>> Cheers,
>>
>> Matthew
>>
>> --
>> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>>                                                   Flat 3
>> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
>> JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW

Dear Matthew,

First, thanks for assisting to secure 22/25 ports from brute force attack.
I wish to consult if the following white list looks fine to exclude trusted
networks (own network):

int0="em0"
secured_attack_ports="{21,22,25}"

table <bruteforce> persist
block in log quick from <bruteforce>
pass in on $int0 proto tcp \
from any to $int0 port $secured_attack_ports \
flags S/SA keep state \
(max-src-conn-rate 5/300, overload <bruteforce> flush global)

## Exclude Own Network From Brute-Force Rule ##

table <own_network> persist {71.221.25.0/24, 71.139.22.0/24}
pass in on $int0 proto tcp from <own_network> to any

OR

pass in on $int0 proto tcp from <own_network> to any port $secured_attack_ports

Thanks / Regards