[CDBUG-talk] pfctl -t table -T add foo.bar (so what happens on reboot?)
Patrick Muldoon
doon at inoc.net
Thu Oct 6 09:28:18 EDT 2005
On Oct 6, 2005, at 9:17 AM, Jonathan Franks wrote:
> /sbin/pfctl -t mytable -Treplace -f /etc/mytablefile
>
>
> Hey thanks for the info. I've managed to dump the table to a file
> and reconfigure. I was reading something on misc@, and I'm now
> thinking of adding a cron job to replace the file with the table
> contents every night. I'm having great fun with this.
>
> Anyhow thanks again.
>
> -Jonathan
>
As seen on an OpenBSD list... some protection to deal with these pesky
dictionary attacks (at the moment the only port I allow in, in
tcp_services, is ssh) but I have been seeing an increase (again) in ssh
password guessing attacks.
From my crontab.. dump table crackers every hour.

0 * * * * /sbin/pfctl -t crackers -Tsh > /etc/tables/crackers
from pf.conf
#tables
table <crackers> persist file "/etc/tables/crackers"
--snip--
pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA modulate state \
    (max-src-conn 5, max-src-conn-rate 4/60, overload <crackers> \
    flush global)
--
Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)
PGPKEY (http://www.inoc.net/~doon)
Key ID: 0x370D752C
"Pinky, you've left the lens cap of your mind on again."
- The Brain
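One thing to watch with the cron line above: the shell opens and truncates /etc/tables/crackers before pfctl is even started, so if pfctl fails (pf disabled, table not loaded, typo in the table name) the persist file ends up empty and the table comes back empty after the next reboot. The script below is an added example, not code from the original post or from OpenBSD; it writes to a temporary file first, refuses to replace the persist file with empty or non-address output, and only then renames it into place. The table name, file path and script location are assumptions; the pfctl invocation is the same one used in the post.

```shell
#!/bin/sh
# Added example (not from the original post): dump a pf table to its persist
# file without the truncation hazard of `pfctl ... > file`.
# Assumed/hypothetical: the table name, the file path and where the script
# lives; the pfctl command line mirrors the one in the post.

TABLE="${TABLE:-crackers}"
FILE="${FILE:-/etc/tables/crackers}"

# save_table FILE
#   Reads table entries on stdin (the format `pfctl -t T -Tshow` prints: one
#   address or prefix per line, indented), normalises them and replaces FILE
#   atomically. If stdin is empty, or any line is not an address/prefix, FILE
#   is left untouched and a non-zero status is returned, so a failed pfctl run
#   (pf disabled, table missing: pfctl prints nothing on stdout) cannot wipe
#   the list that pf.conf reloads at boot via `persist file`.
save_table() {
    file="$1"
    tmp="${file}.tmp.$$"
    # strip the leading whitespace pfctl prints, drop blank lines, dedupe
    sed 's/^[[:space:]]*//' | grep -v '^$' | sort -u > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    # loose sanity check: only digits, hex letters, dots, colons and an
    # optional /prefix may appear; stray text (an error message, a shell
    # warning) never passes this
    if grep -Evq '^[0-9A-Fa-f.:]+(/[0-9]+)?$' "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    # rename is atomic on the same filesystem: readers see old or new, never half
    mv "$tmp" "$file"
}

# dump_table: the live dump, intended for the cron entry
#   0 * * * * /usr/local/sbin/dump-crackers dump
dump_table() {
    /sbin/pfctl -t "$TABLE" -Tshow | save_table "$FILE"
}

case "${1:-}" in
    dump) dump_table ;;
esac
```

Note that `persist file "/etc/tables/crackers"` only populates the table when the ruleset is loaded (boot, or `pfctl -f /etc/pf.conf`); addresses that `overload` adds afterwards live in the kernel only until the next dump, so anything that lands in the table between the last hourly run and a crash is lost, which is the trade-off the hourly cron job makes.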