
Packet Filter Attack Mitigation

Example

table <abusive_hosts> persist
block in quick from <abusive_hosts>

pass in on $ext_if proto tcp to $web_server port www \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush)

Break it down line by line

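  1. Define a table to store abusive hosts.
  2. Block all traffic from the abusive hosts.
  3. Pass traffic to the web server.
  4. The pass rule needs “flags S/SA keep state”: the connection limits that follow are state-tracking options, so the rule has to create state.
  5. If a host has more than 100 connections open at a time (max-src-conn 100) or opens more than 15 connections within 5 seconds (max-src-conn-rate 15/5), it is placed in abusive_hosts (overload), and flush drops the states it already holds.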
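
The two limits in the rule, replayed over constructed connection events. This is an added example, not part of the original page and not pf's own code: it uses a simplified sliding-window model (pf's internal accounting may differ), and the function names, event format and documentation-range addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_SRC_CONN = 100                 # max-src-conn 100
RATE_LIMIT, RATE_WINDOW = 15, 5    # max-src-conn-rate 15/5 (15 per 5 seconds)


def simulate(events):
    """events: (time_seconds, src_ip, 'open' | 'close'), sorted by time.
    Returns {src_ip: (time, limit_hit)} for hosts moved to <abusive_hosts>."""
    open_conns = defaultdict(int)   # concurrent connections per source
    recent = defaultdict(deque)     # open timestamps inside the rate window
    abusive = {}
    for t, src, kind in events:
        if src in abusive:
            continue                # 'block in quick from <abusive_hosts>'
        if kind == "close":
            open_conns[src] = max(0, open_conns[src] - 1)
            continue
        open_conns[src] += 1
        window = recent[src]
        window.append(t)
        while window and t - window[0] >= RATE_WINDOW:
            window.popleft()        # forget opens older than the window
        reason = None
        if open_conns[src] > MAX_SRC_CONN:
            reason = "max-src-conn"
        elif len(window) > RATE_LIMIT:
            reason = "max-src-conn-rate"
        if reason:
            abusive[src] = (t, reason)   # 'overload <abusive_hosts>'
            open_conns[src] = 0          # 'flush' drops the host's states
            window.clear()
    return abusive


def sample_events():
    """Constructed traffic: one burst, one slow pile-up, one normal client."""
    ev = [(i / 10, "198.51.100.7", "open") for i in range(16)]      # 16 in 1.5 s
    ev += [(float(i), "203.0.113.9", "open") for i in range(101)]   # never closes
    for i in range(12):                                             # short-lived
        ev.append((10 + i * 0.05, "192.0.2.20", "open"))
        ev.append((10 + i * 0.05 + 0.02, "192.0.2.20", "close"))
    return sorted(ev)


if __name__ == "__main__":
    for host, (when, why) in simulate(sample_events()).items():
        print(f"{host} overloaded at t={when}s by {why}")
```

The burst host trips the rate limit on its 16th connection, while the slow host stays under the rate limit and is caught only when its 101st concurrent connection opens.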
freebsd/pf_attack_mitigation.txt · Last modified: 2014/11/10 09:52 by tschulz