PF to Preventing SMTP Brute Force Attacks
- From: "Shiv. Nath" <prabhpal@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 15 Jun 2012 16:17:06 -0000
Hi FreeBSD Gurus,
i want to use PF to Preventing SMTP Brute Force Attacks. i need some help
to understand correct syntax.
URL Explaining this: http://www.openbsd.org/faq/pf/filter.html#stateopts
i expect the following behavior from the PF rule below:
Limit the absolute maximum number of states that this rule can create to 200
Enable source tracking; limit state creation based on states created by
this rule only
Limit the maximum number of nodes that can simultaneously create state to 100
Limit the maximum number of simultaneous states per source IP to 3
Solution:
int0="em0"
trusted_tcp_ports="{22,25,443,465}"
pass in on $int0 proto tcp from any to any port $trusted_tcp_ports keep
state max 200, source-track rule, max-src-nodes 100, max-src-states 3
please help ..
Thanks / Regards
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: PF to Preventing SMTP Brute Force Attacks
- From: Adrian Minta
- Re: PF to Preventing SMTP Brute Force Attacks
- From: Jason Hellenthal
- Re: PF to Preventing SMTP Brute Force Attacks
- From: Matthew Seaman
- Re: PF to Preventing SMTP Brute Force Attacks
- Prev by Date: [releng_8 tinderbox] failure on arm/arm
- Next by Date: How to bind a route to a network adapter and not IP
- Previous by thread: mfi(4) IO performance regression, post 8.1
- Next by thread: Re: PF to Preventing SMTP Brute Force Attacks
- Index(es):
