#       $OpenBSD: pf.conf,v 1.37 2008/05/09 06:04:08 reyk Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

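# External (Internet-facing) interface.
ext_if="vr0"
#prot="{tcp, udp}"

# Sources that exceeded the port-80 connection limits below are added here
# by the "overload" option. "persist" keeps the table even when no rule
# references it. Entries are never removed automatically; expire them
# periodically (e.g. from cron: pfctl -t rese -T expire 3600) or the table
# only grows and long-gone offenders stay blocked forever.
table <rese> persist

# No filtering on loopback.
set skip on lo
# Default for "block" rules without an explicit action: answer with
# TCP RST / ICMP unreachable instead of silently dropping.
set block-policy return

# Normalize incoming packets (fragment reassembly) before filtering.
scrub in all

# Translate the internal LAN to the current address of $ext_if; the
# parentheses make pf follow address changes on the interface.
nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)

# Default deny inbound, allow outbound. pf is last-match-wins, so the
# pass rules further down override "block in all" for the listed services.
block in all
pass out all

# Sources in the overload table are cut off immediately ("quick" stops rule
# evaluation). Explicit "drop" overrides the global block-policy: replying
# with an RST/ICMP to every packet from a flooding source spends bandwidth
# and CPU on the hosts we are trying to shed.
block drop quick from <rese> to $ext_if

# NOTE(review): ssh is reachable from any source with no per-source limits;
# consider the same max-src-conn-rate / overload treatment (with its own
# table) or restricting the allowed source addresses.
pass in inet proto tcp from any to $ext_if port ssh

# HTTP with per-source limits:
#   max-src-conn 100        at most 100 simultaneous connections per source
#   max-src-conn-rate 10/20 at most 10 new connections per 20 seconds
#   overload <rese>         a source exceeding either limit is added to <rese>
#   flush global            kill all existing states from that source,
#                           including states created by other rules
# The limits are per source address: many clients behind one NAT or proxy
# can trip them, and they do not help against a flood spread over many
# sources. Tune the thresholds against real traffic before relying on them.
pass in inet proto tcp from any to $ext_if port 80 flags S/SA keep state (max-src-conn 100, max-src-conn-rate 10/20, overload <rese> flush global)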
 