Re: [obsdfr-misc] Tables in packet filter
I am not a pf expert, but I would like to know what is wrong:
here is my pf.conf:
##############################################################################
## Packet filter filtering and routing rules by fg. ##
##############################################################################
# Macros:
ext_if = "sis0" # replace with actual external interface name i.e., dc0
lo = "lo0" # local loopback interface
ext_net="xx.xx.xx.xx"
local_net = "127.0.0.1/8"
# Hosts
monhost.com = "127.0.0.1"
monhost= "xx.xx.xx.xx"
# Services visible from the outside . remove any you're not using
tcp_services = "{ domain, www, https, ftp, ntp, ftp-data, 1027 }"
# port
icmp_types="{ 8, 11 }" # ping and traceroute
# Non-routable IP numbers
nonroutable = "{ 127.0.0.0/8, 0.0.0.0/8,255.255.255.255/32 }"
# Tables:
table <spammers> persist file "/etc/spammers"
table <RSE> persist {10.0.0.10/8, 172.16.0.0/16, 192.168.1.0/24}
table <ssh-bruteforce> persist file "/etc/ssh-bruteforce"
# Options:
set block-policy return
set loginterface $ext_if
set skip on $lo
# Normalization:
scrub in
# Queueing:
# Translation:
#nat-anchor "ftp-proxy/*"
# rdr:
#rdr-anchor "ftp-proxy/*"
#anchor "ftp-proxy/*"
# Filtering:
block in all
block in inet6
pass out keep state
## Blocage SSH
block in on $ext_if from <ssh-bruteforce> to any
block in on $ext_if from <spammers> to any
pass in quick on $ext_if inet proto tcp from any to any port ssh flags S/SA keep state ( max-src-conn-rate 2/10, overload <ssh-bruteforce> flush global)
pass in quick on $ext_if inet proto tcp from any to any port smtp flags S/SA keep state ( max-src-conn-rate 2/10, overload <spammers> flush global)
antispoof quick for { $lo $ext_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
--------
Note that I am running FreeBSD on a Kimsufi server.
thanks in advance
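The thread's observation (the ssh-bruteforce table fills on its own, the spammers table never does) follows from how `max-src-conn-rate 2/10 ... overload <table>` works: only a source that opens more than 2 new connections within 10 seconds is added, and a spam host typically opens a single SMTP connection. The following is an added example, not code from the thread or from pf: a simplified model of that decision (pf uses a moving-average approximation; this uses an exact sliding window) run over constructed connection events.

```python
# Added example (not from the mailing-list thread): a simplified model of
# pf's "max-src-conn-rate N/S ... overload <table>" behaviour. pf itself
# uses a moving-average approximation; this model uses an exact sliding
# window, which is enough to show why <ssh-bruteforce> fills while
# <spammers> stays empty under the poster's rules. All events are constructed.
from collections import defaultdict, deque


def overloaded_sources(events, max_conns, seconds):
    """events: iterable of (timestamp_seconds, src_ip, dst_port).
    Returns the set of source IPs that opened more than max_conns new
    connections within any window of `seconds` (i.e. would be put into
    the overload table by a max-src-conn-rate max_conns/seconds rule)."""
    windows = defaultdict(deque)
    offenders = set()
    for ts, src, _port in sorted(events):
        win = windows[src]
        win.append(ts)
        # drop connection timestamps that have aged out of the window
        while win and ts - win[0] > seconds:
            win.popleft()
        if len(win) > max_conns:
            offenders.add(src)
    return offenders


# Constructed sample: one host hammering ssh (port 22) and several
# distinct hosts each delivering a single message to smtp (port 25).
SAMPLE_EVENTS = [
    (0, "203.0.113.7", 22), (1, "203.0.113.7", 22), (2, "203.0.113.7", 22),
    (3, "203.0.113.7", 22), (4, "203.0.113.7", 22),
    (0, "198.51.100.10", 25), (5, "198.51.100.11", 25),
    (12, "198.51.100.12", 25), (30, "198.51.100.10", 25),
]


def tables_after_sample(max_conns=2, seconds=10):
    """Apply the poster's two rules (2/10 on ssh, 2/10 on smtp) to the
    sample and return what each overload table would contain."""
    def by_port(port):
        return [e for e in SAMPLE_EVENTS if e[2] == port]
    return {
        "ssh-bruteforce": overloaded_sources(by_port(22), max_conns, seconds),
        "spammers": overloaded_sources(by_port(25), max_conns, seconds),
    }


if __name__ == "__main__":
    for table, hosts in tables_after_sample().items():
        print(f"<{table}>: {sorted(hosts) or '(empty)'}")
```

On the firewall itself the live contents can be compared with `pfctl -t spammers -T show`; a rate limit only catches repeat connectors, which is why the reply points to spamd for greylisting instead.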
> Message of 11/08/08 11:15
> From: "Jérôme Loyet"
> To: misc AT openbsd-france POINT org
> Cc:
> Subject: Re: [obsdfr-misc] Tables in packet filter
>
>
> man spamd :)
>
> On 11 August 2008 11:06, Ghislain FOURNIER wrote:
> >
> > great, it works.
> >
> > my ssh-forcebrute table fills on its own, but not the spammer table, and I still receive just as much spam.
> > thanks
> >
> >> Message of 11/08/08 09:50
> >> From: "Freddy DISSAUX"
> >> To: misc AT openbsd-france POINT org
> >> Cc:
> >> Subject: Re: [obsdfr-misc] Tables in packet filter
> >>
> >>
> >> On Mon, Aug 11, 2008 at 08:43:36AM +0200, Ghislain FOURNIER wrote:
> >> > Hello,
> >> Hello,
> >> >
> >> >
> >> > my pf is configured with 2 tables:
> >> > table persist
> >> > table persist
> >>
> >> Mine is like this:
> >> table persist file "/etc/spammers"
> >>
> >>
> >> Freddy.
> >>
> >> ________________________________
> >> French OpenBSD mailing list
> >> misc AT openbsd-france POINT org
> >> http://www.openbsd-france.org/ml