PF on FBSD: blocking based on counting

Miroslav Lachman 000.fbsd at quip.cz
Wed May 14 22:47:03 CEST 2014


Radek Krejča wrote:
> Hi,
> I must have missed that, thanks a lot, I'll try whether that's it.

>> http://www.openbsd.org/faq/pf/filter.html#udpstate

>> pass in on $ext_if proto tcp to $web_server \
>>      port www flags S/SA keep state \
>>      (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush)

I have never tried it on UDP, but on TCP I use it quite routinely for both
ssh and http traffic, and it works exactly the way one sets it up.
On ssh it can be used to block fairly well those automated attacks that
try to guess passwords.

Mirek
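
The ssh case mentioned above, written out as a pf.conf fragment. This is an added example, not part of the original message or of the FAQ; the interface name, the limits and the expiry time are assumed values to be tuned per host, and the table name is reused from the quoted rule.

```conf
# /etc/pf.conf fragment (added example; em0 and all numbers are assumptions)
ext_if = "em0"

# Table filled by the overload action below. "persist" keeps the table
# even while no rule references it or it is empty.
table <abusive_hosts> persist

# Drop everything from hosts already in the table. "quick" stops rule
# evaluation here, so the later pass rule cannot re-admit them.
block in quick on $ext_if from <abusive_hosts>

# Stateful ssh rule with per-source limits:
#   max-src-conn 10        at most 10 simultaneous connections per source
#   max-src-conn-rate 5/60 at most 5 new connections per 60 seconds
#   overload <table>       put the offending source address into the table
#   flush global           kill all existing states from that source,
#                          not only those created by this rule
# Both limits count connections that completed the TCP handshake, so a
# spoofed SYN flood cannot be used to get a third party blocked.
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
     (max-src-conn 10, max-src-conn-rate 5/60, \
      overload <abusive_hosts> flush global)

# Operational checks, run as root:
#   pfctl -nf /etc/pf.conf                   syntax check without loading
#   pfctl -t abusive_hosts -T show           list currently blocked sources
#   pfctl -t abusive_hosts -T delete <addr>  unblock one address
#   pfctl -t abusive_hosts -T expire 86400   drop entries older than 24 h
#                                            (pf never expires them itself,
#                                            so run this from cron)
```

Keep the block rule above the pass rule and keep a trusted management address out of the table's reach (for example with an earlier `pass quick` from that address), otherwise a burst of legitimate logins can lock the administrator out.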

