Hi everybody, thank you for your time!
Can you help me solve a question that has been following me for some weeks?
Please have a look at my pf.conf. It's for FreeBSD 10.1-RELEASE. One SSH is listening on host:22 and the other is listening on jail:22, which is host:22000.
I limit the maximum number of connections to the host SSH to ten. Can I limit the number of connections to my jail to ten using only PF? Not to mention, both SSHs did work and my IP is not 1.2.3.4.
Code:
IF = "re0"
IP = "1.2.3.4"
NET = "1.2.3.4/24"
IFJAIL = "lo1"
IPJAIL = "10.0.0.1"
NETJAIL = "10.0.0.0/28"
PORTSSH = "22"
PORTSSHJAIL = "22000"
set block-policy drop
set skip on lo0
nat pass on $IF from $NETJAIL to any -> $IF
rdr pass on $IF proto tcp from any to $IP port $PORTSSHJAIL -> $IPJAIL port $PORTSSH
block in on $IF
block in on $IF proto tcp # not necessary
block in on $IF proto udp # not necessary
block in on $IF proto tcp from $NET # not necessary
block in on $IF proto udp from $NET # not necessary
pass in on $IF inet proto tcp from any to $IP port $PORTSSH flags S/SA synproxy state (max-src-conn 10)
block out on $IF
pass out on $IF inet proto udp from $IP to any modulate state
pass out on $IF inet proto tcp from $IP to any modulate state
Thanks again.
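An added ruleset illustrating how the jail's SSH can get the same per-source limit; this is an editor's example, not the poster's configuration. It reuses the macro names from the post and assumes FreeBSD 10.1 PF semantics: `rdr pass` creates state immediately and skips the filter rules, and filter rules are evaluated after translation, so they must match the translated destination ($IPJAIL:$PORTSSH) rather than the public $IP:$PORTSSHJAIL.

```conf
# Added example (not from the original post). Macros reuse the poster's names.
IF = "re0"
IP = "1.2.3.4"
IFJAIL = "lo1"
IPJAIL = "10.0.0.1"
NETJAIL = "10.0.0.0/28"
PORTSSH = "22"
PORTSSHJAIL = "22000"

set block-policy drop
set skip on lo0

nat pass on $IF from $NETJAIL to any -> $IF

# No "pass" on the rdr: "rdr pass" creates state at translation time and the
# packet never reaches the filter rules, so no max-src-conn limit would apply.
rdr on $IF proto tcp from any to $IP port $PORTSSHJAIL -> $IPJAIL port $PORTSSH

block in on $IF
block out on $IF

# Host SSH, as in the original ruleset: at most ten simultaneous connections
# per source address.
pass in on $IF inet proto tcp from any to $IP port $PORTSSH \
    flags S/SA synproxy state (max-src-conn 10)

# Jail SSH. Filtering runs after rdr, so match the translated destination
# ($IPJAIL:22), not the public $IP:22000. keep state is used here as the
# plain case; max-src-conn counts established connections per source host.
pass in on $IF inet proto tcp from any to $IPJAIL port $PORTSSH \
    flags S/SA keep state (max-src-conn 10)

pass out on $IF inet proto udp from $IP to any modulate state
pass out on $IF inet proto tcp from $IP to any modulate state
```

Validate the syntax before loading with `pfctl -nf /etc/pf.conf`; after loading, `pfctl -ss` lists the states, and an eleventh connection from one address to host:22000 should be dropped while the first ten remain established.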