Date: Tue, 28 Nov 2006 16:32:05 -0500
From: Charles Lacroix <clacroix@cegep-ste-foy.qc.ca>
To: "FreeBSD " <freebsd-pf@freebsd.org>
Subject: Question about pf
Message-ID: <200611281632.05280.clacroix@cegep-ste-foy.qc.ca>
Hi,

I read some of the pf.conf man page and I found something really neat for my servers. It's not 100% what I need but very close, and I was hoping you pf gurus could help me out with this one.

I have created the following rules and I have 2 small problems.

    table <badhosts> {} persist
    block quick on $ext_if proto tcp from <badhosts> to $external_addr port 23
    pass in on $ext_if proto tcp to $external_addr port 23 flags S/SA modulate \
        state (max-src-conn-rate 5/60, overload <badhosts> flush global)

1. What I wanted to do is make sure the IPs get unbanned after, let's say, 30 minutes or so.

2. When my IP gets into badhosts, most of my current ssh connections hang. It's kinda strange since my block rule is specific to the telnet port.

Any ideas/comments?

Thanks
Charles
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611281632.05280.clacroix>
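
An added example, not part of the original message or of any reply in the thread: a variant of the rules above built on two documented pf behaviours. `flush global` kills every state from the overloaded source regardless of which rule created it, while plain `flush` kills only states created by the matching rule; `pfctl -T expire` deletes table addresses whose statistics were last cleared more than the given number of seconds ago. The macro values, the cron schedule and the 1800-second age are assumptions, and `-T expire` requires a pfctl version that supports it.

```conf
# Assumed values for illustration; replace with the real interface and address.
ext_if = "em0"
external_addr = "192.0.2.10"    # constructed, documentation address range

table <badhosts> persist

# Unchanged from the message: refuse new telnet connections from listed sources.
block quick on $ext_if proto tcp from <badhosts> to $external_addr port 23

# As posted: "flush global" kills all states from the offending source,
# whichever rule created them, so established sessions to other ports
# are torn down when the source lands in <badhosts>.
# pass in on $ext_if proto tcp to $external_addr port 23 flags S/SA modulate \
#     state (max-src-conn-rate 5/60, overload <badhosts> flush global)

# Variant: plain "flush" kills only the states created by this rule,
# leaving states created by other pass rules in place.
pass in on $ext_if proto tcp to $external_addr port 23 flags S/SA modulate \
    state (max-src-conn-rate 5/60, overload <badhosts> flush)

# Table entries are not aged out by pf itself. From root's crontab
# (outside pf.conf), remove addresses after roughly 30 minutes:
#   */5 * * * * /sbin/pfctl -t badhosts -T expire 1800
```

`pfctl -t badhosts -T show` lists the addresses currently in the table, which is a quick way to confirm both the overload and the expiry.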