PF in FBSD, blocking based on counting
Miroslav Lachman
000.fbsd at quip.cz
Wed May 14 22:47:03 CEST 2014
Radek Krejča wrote:
> Hi,
> I must have missed that, thanks a lot, I'll try whether that's it.
>> http://www.openbsd.org/faq/pf/filter.html#udpstate
>> pass in on $ext_if proto tcp to $web_server \
>> port www flags S/SA keep state \
>> (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush)
I have never tried it on UDP, but on TCP I use it quite routinely for both
ssh and http traffic, and it works exactly the way you configure it.
On ssh it is quite good at blocking those automated attacks that
try to guess passwords.
Mirek
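
An added example, not part of the original messages: a pf.conf fragment that applies the options of the quoted rule to ssh, the use the reply describes. The interface name em0, the table name <ssh_abusers> and the thresholds are assumptions chosen for illustration.

```pf
# Assumed values (not from the thread): em0, <ssh_abusers>, 10 and 5/30.
ext_if = "em0"

# Table filled by the overload action; "persist" keeps it when it is empty.
table <ssh_abusers> persist

# Default-deny inbound, then drop listed sources early. "quick" ends rule
# evaluation, so a listed host never reaches the pass rule below.
block in on $ext_if all
block in quick on $ext_if from <ssh_abusers>

# Stateful pass for ssh with per-source tracking:
#   max-src-conn 10         at most 10 simultaneous connections per source
#   max-src-conn-rate 5/30  at most 5 new connections per 30 seconds per source
#   overload <ssh_abusers>  put a source that exceeds either limit in the table
#   flush global            also kill that source's existing states, whichever
#                           rule created them (plain "flush" kills only the
#                           states created by this rule)
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <ssh_abusers> flush global)

# Entries stay in the table until removed. From the shell:
#   pfctl -t ssh_abusers -T show           list blocked addresses
#   pfctl -t ssh_abusers -T expire 86400   drop entries older than 24 hours
#   pfctl -t ssh_abusers -T delete ADDR    unblock one address
```

The limits count completed TCP handshakes, so they cannot be triggered with spoofed source addresses; running the expire command from cron keeps the table from growing without bound.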