- # pf ruleset for a host with one filtered external interface ($ext_if).
- # Inbound is denied by default; ICMP echo requests and TCP connections to the
- # listed game/service ports are allowed, with per-source connection limits.
- # Sources that exceed a limit are added to <abusive_hosts> and blocked.
- # Rule order matters: the last matching rule wins unless a rule is "quick".
- ext_if="vtnet0"
- # ext_if2="vtnet1"
- # Hard limits for state entries, fragments, source-tracking nodes and table
- # entries. NOTE(review): the country files loaded below have to fit within
- # table-entries; confirm the sizing against the actual lists.
- set limit { states 100000, frags 100000, src-nodes 100000, table-entries 100000 }
- # TCP ports exposed to the Internet for the game servers.
- game_ports="{ 17320, 17422, 17534, 17676, 17478, 17580, 17682, 17784, 17886, 17988, 20000, 20001, 20002, 20003, 20004, 20005, 21000, 21001, 21002, 21003, 21004, 21005, 22000, 22001, 22002, 22003, 22004, 22005, 23000, 23001, 23002, 23003, 23004, 23005, 24000, 24001, 24002, 24003, 24004, 24005, 25000, 25001, 25002, 25003, 25004, 25005, 31000, 31001 }"
- # NOTE(review): 0 looks like a redacted placeholder; set the real service
- # ports before loading this ruleset.
- service_ports="{ 0 }"
- # Addresses that bypass every later check (see "pass in quick" below).
- # "const" prevents the table from being changed after it is created.
- # NOTE(review): the 0 entries look like redacted placeholders. Keep this list
- # minimal; a source address alone does not authenticate the sender.
- table <trusted_hosts> const { 0, 0, 0 }
- # Filled at runtime by the "overload" options on the TCP pass rules.
- # Nothing in this file removes entries. NOTE(review): if bans should age out,
- # run something like "pfctl -t abusive_hosts -T expire <seconds>" periodically.
- table <abusive_hosts> persist
- # Per-country address lists, read from the files below when the ruleset is
- # loaded. NOTE(review): these files decide what gets blocked, so they should
- # be writable by root only and come from a source you trust.
- table <country_block> persist \
- file "/root/country_block/cn.txt" \
- file "/root/country_block/id.txt" \
- file "/root/country_block/in.txt" \
- file "/root/country_block/ph.txt" \
- file "/root/country_block/th.txt" \
- file "/root/country_block/vn.txt"
- # options
- # Blocked packets are dropped silently (no TCP RST or ICMP unreachable).
- set block-policy drop
- # Collects statistics for $ext_if; this does not log individual packets.
- # NOTE(review): no block rule below carries "log", so dropped traffic is not
- # recorded via pflog. Add "log" where visibility is needed.
- set loginterface $ext_if
- # No filtering on loopback.
- set skip on lo
- # Normalize inbound/outbound packets on $ext_if: TCP normalization, clear the
- # don't-fragment bit, and replace the IP identification field with random values.
- scrub on $ext_if reassemble tcp no-df random-id
- # Drop packets whose source address belongs to lo0 or $ext_if networks but
- # which arrive on a different interface.
- antispoof quick for { lo0 $ext_if}
- #antispoof quick for { lo0 $ext_if $ext_if2}
- # Default deny for inbound traffic; the pass rules below override it.
- block in
- # Outbound traffic is allowed statefully. On $ext_if the second rule is the
- # last match, so those states use "modulate state".
- pass out all keep state
- pass out on $ext_if all modulate state
- # "quick" stops evaluation at the first match, so the order here is
- # significant: a trusted address is passed before either block rule is
- # consulted, and blocked sources never reach the pass rules further down.
- pass in quick from <trusted_hosts>
- block in quick from <abusive_hosts>
- block in quick from <country_block>
- # Allow ping from any source not blocked above. No rate limit is applied here.
- pass in inet proto icmp all icmp-type echoreq
- # New TCP connections (SYN set, ACK clear) to the game ports. Per source:
- # at most 30 simultaneous connections and 15 new connections per 5 seconds.
- # A source exceeding either limit is added to <abusive_hosts>, and "flush"
- # kills the states this rule created for that source.
- # NOTE(review): these limits count connections that completed the TCP
- # handshake; confirm whether SYN-flood handling is needed separately.
- # NOTE(review): only TCP is passed; UDP to these ports is dropped by
- # "block in". Confirm that is intended.
- pass in on $ext_if proto tcp to any port $game_ports flags S/SA keep state \
- (max-src-conn 30, max-src-conn-rate 15/5, overload <abusive_hosts> flush)
- # Same scheme for the service ports, with a limit of 25 new connections per
- # 3 seconds per source.
- pass in on $ext_if proto tcp to any port $service_ports flags S/SA keep state \
- (max-src-conn 30, max-src-conn-rate 25/3, overload <abusive_hosts> flush)