PF Bruteforce protection for redirected packets

Hi, I would like to protect a specific port against BF attacks...
My problem is that the traffic must be redirected to another interface!
So I tried this:
Code:
ext_if="bce0"
jail_if="lo66"

my_port="12345"

table <banned> persist

set skip on lo0

rdr on $ext_if inet proto tcp to port $my_port -> ($jail_if) port $my_port

block quick from <banned>
pass in quick on $jail_if inet proto tcp to port $my_port keep state (max-src-conn 5, max-src-conn-rate 10/10, overload <banned> flush global)

block in

But that doesn't work! And if I remove the last line, it passes... So the last line but one doesn't match the redirected packets! Why the hell..?!
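
Why the pass rule on $jail_if never matches, shown as an added example that is not part of the original post: pf applies rdr before the filter rules and still evaluates the packet as inbound on the interface it arrived on, so the rule has to name $ext_if and the translated destination. The ruleset assumes FreeBSD pf syntax and reuses the interface names and port from the post.

```conf
# Added example (not the poster's ruleset). Interface names and port are
# taken from the post; FreeBSD pf syntax is assumed.
ext_if  = "bce0"
jail_if = "lo66"
my_port = "12345"

table <banned> persist

set skip on lo0

# Translation runs before filtering: the filter sees this packet with its
# rewritten destination, but still as inbound traffic on $ext_if.
rdr on $ext_if inet proto tcp to port $my_port -> ($jail_if) port $my_port

# Sources that tripped the limits below are dropped before any pass rule.
block quick from <banned>

# Match on the arrival interface and on the translated destination address.
# The per-source limits and the overload table are unchanged from the post.
pass in quick on $ext_if inet proto tcp to ($jail_if) port $my_port \
    keep state (max-src-conn 5, max-src-conn-rate 10/10, \
    overload <banned> flush global)

# Default deny for everything else arriving on any interface.
block in
```

Running pfctl -nf on the file parses it without loading it, and pfctl -t banned -T show lists the sources that the overload rule has added.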
 