User Tools
freebsd:pf_attack_mitigation
Differences
This shows you the differences between two versions of the page.
|
freebsd:pf_attack_mitigation [2014/11/10 09:48] tschulz created |
freebsd:pf_attack_mitigation [2014/11/10 09:52] (current) tschulz |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Packet Filter Attack Mitigation ====== | ====== Packet Filter Attack Mitigation ====== | ||
| + | ===== Example ===== | ||
| <file> | <file> | ||
| table <abusive_hosts> persist | table <abusive_hosts> persist | ||
| block in quick from <abusive_hosts> | block in quick from <abusive_hosts> | ||
| - | pass in on $ext_if proto tcp to $web_server port www flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush) | + | pass in on $ext_if proto tcp to $web_server port www \ |
| + | flags S/SA keep state \ | ||
| + | (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush) | ||
| </file> | </file> | ||
| + | |||
| + | ===== Break it down line by line ===== | ||
| + | - define a table to store abusive hosts | ||
| + | - block the abusive hosts | ||
| + | - pass traffic to the web server | ||
| + | - you need "flags S/SA keep state" | ||
| + | - if a host creates more than 100 at a time or creates 15 connections a sec it is placed in abusive_hosts | ||
freebsd/pf_attack_mitigation.txt · Last modified: 2014/11/10 09:52 by tschulz
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
