Date:      Thu, 4 May 2017 23:46:21 +0200
From:      Marco van Tol <marco@tols.org>
To:        freebsd-ipfw@freebsd.org
Cc:        Marco van Tol <marco@tols.org>
Subject:   equivalent for pf's max-src-conn-rate in ipfw
Message-ID:  <F6AA6A38-CA06-49E8-AD8D-F6D8E4C26523@tols.org>

Hi there,

Possibly this question pops up regularly.  I have tried to find the
answer myself and have been unable to so far.

My current way to drastically slow down ssh brute force attacks is by
using the pf feature "max-src-conn-rate" with an argument of 5/60,
meaning only 5 syn packets are allowed per source IP to my ssh port per
minute.  The rest get dropped.  This works both for IPv4 and IPv6.  I
typically don't login more than 5 times per minute to my hosts.

I have tried several ways to get the same behaviour using ipfw and
dummynet.  But when combining the rules with keep-state I don't get to
the point where I get wire-speed ssh connections for those that make it
while keeping the number of new connections per source IP at a very low
number (a few per minute).

Is there an equivalent in ipfw for the pf feature max-src-conn-rate?

Thank you very much in advance, please keep cc'ing me as I have not
subscribed to the ipfw list yet.

Thanks!

Marco van Tol
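Added example, not part of the original message: a small Python model of the per-source new-connection limit described above (5 connections per 60 seconds), run over constructed SYN events so the pass/drop verdicts can be checked. It assumes a sliding window and that only accepted connections count toward the limit; dropped SYNs create no state and are not counted.

```python
from collections import defaultdict, deque

# Constructed sample of new-connection (SYN) events as (unix time, source).
# These are made-up values for illustration, not captured traffic.
SYN_EVENTS = [
    (1000, "203.0.113.7"),
    (1001, "203.0.113.7"),
    (1002, "203.0.113.7"),
    (1003, "203.0.113.7"),
    (1004, "203.0.113.7"),
    (1005, "203.0.113.7"),   # 6th connection inside 60 s: exceeds 5/60, dropped
    (1010, "2001:db8::1"),   # IPv6 source is tracked independently
    (1070, "203.0.113.7"),   # earlier 5 have aged out of the window: allowed again
]


def filter_syns(events, max_conns=5, interval=60):
    """Apply a max_conns/interval per-source limit to new connections.

    Returns a list of (time, source, verdict) with verdict "pass" or "drop".
    Assumption: a connection at time t0 stays in the window while t0 > t - interval,
    and only accepted connections occupy a slot in the window.
    """
    recent = defaultdict(deque)   # source -> times of accepted connections in window
    verdicts = []
    for t, src in events:
        window = recent[src]
        # Expire accepted connections older than the interval.
        while window and window[0] <= t - interval:
            window.popleft()
        if len(window) < max_conns:
            window.append(t)
            verdicts.append((t, src, "pass"))
        else:
            verdicts.append((t, src, "drop"))
    return verdicts


def drops_per_source(verdicts):
    """Count dropped connections per source, e.g. to feed a block table."""
    counts = defaultdict(int)
    for _, src, verdict in verdicts:
        if verdict == "drop":
            counts[src] += 1
    return dict(counts)


if __name__ == "__main__":
    for t, src, verdict in filter_syns(SYN_EVENTS):
        print(f"{t} {src:16} {verdict}")
    print(drops_per_source(filter_syns(SYN_EVENTS)))
```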