PF ve FBSD blokovani na zaklade pocitani

Miroslav Lachman 000.fbsd at quip.cz
Wed May 14 22:47:03 CEST 2014

Previous message: PF ve FBSD blokovani na zaklade pocitani
Next message: PF ve FBSD blokovani na zaklade pocitani
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Radek Krejča wrote:
> Ahoj,
> to asi uniklo mne, diky moc, zkusim, zda je to ono.

>> http://www.openbsd.org/faq/pf/filter.html#udpstate

>> pass in on $ext_if proto tcp to $web_server \
>>      port www flags S/SA keep state \
>>      (max-src-conn 100, max-src-conn-rate 15/5, overload<abusive_hosts>
>> flush)

Na UDP jsem to nikdy nezkousel, ale na TCP pro ssh i pro http provoz to 
pouzivam celkem bezne a funguje to presne tak, jak si to clovek nastavi.
Na ssh se s tim daji celkem dobre blokovat ty automatizovane utoky, co 
zkousi hadat hesla.

Mirek

Previous message: PF ve FBSD blokovani na zaklade pocitani
Next message: PF ve FBSD blokovani na zaklade pocitani
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list