Hello,
I'd like you to help me to improve my pf configuration. So what do you think about it ?
Thanks, Gollum
I'd like you to help me to improve my pf configuration. So what do you think about it ?
Code:
int_if= "wlan0"
table <deny-hosts> persist
table <ssh-bruteforce> persist
scrub in all
set skip on lo0
block in log all
pass out quick inet
block in quick on $int_if from {<deny-hosts>, <ssh-bruteforce>}
pass in quick on $int_if from ($int_if:network) to any
pass in quick log on $int_if inet proto tcp from any to ($int_if) port 22 flags S/SA keep
state ( max-src-conn-rate 2/10, overload <ssh-bruteforce> flush global)
Thanks, Gollum