- # pf.conf for a single-homed game/service host: default-deny inbound, allow-list a
- # few ports, and push sources that open TCP connections too fast into a block table.
- # pf uses last-match-wins unless a rule is marked "quick", so rule order matters.
- # External (internet-facing) interface.
- ext_if="em0"
- # Raise pf's hard limits: state-table entries, fragment-reassembly entries and
- # source-tracking nodes.
- # NOTE(review): every state and src-node costs kernel memory; confirm the host can
- # actually hold 8M states / 4M src-nodes, otherwise a state flood pressures memory.
- set limit { states 8000000, frags 40000, src-nodes 4000000 }
- # TCP service ports. 3306 is the default MySQL port.
- # NOTE(review): the rule below opens these to any source on $ext_if (rate-limited
- # only); confirm the database port is meant to be public rather than limited to
- # <trusted_hosts>.
- service_ports="{ 17353, 3306 }"
- # Game ports, opened for both TCP and UDP further down.
- game_ports="{ 11100, 12000, 13000, 14000, 15000, 16000, 18000 }"
- # Allow-listed sources; "const" means the table cannot be altered with pfctl at runtime.
- # NOTE(review): 127.0.0.1 is listed although lo0 is skipped entirely; the trusted
- # pass rule is not bound to an interface and antispoof is commented out, so this
- # entry only matters for packets claiming a loopback source on another interface.
- # Consider dropping it or enabling antispoof.
- table <trusted_hosts> const { 127.0.0.1 89.39.13.6 195.178.102.2 195.178.102.10 }
- # Filled by the "overload" clauses below; "persist" keeps the table even when empty.
- # NOTE(review): pf never ages entries out on its own. Without a periodic
- # "pfctl -t abusive_hosts -T expire <seconds>" the block list only grows.
- table <abusive_hosts> persist
- # options
- # Blocked packets are dropped silently (no TCP RST / ICMP unreachable is returned).
- set block-policy drop
- # Collect per-interface packet/byte statistics on the external interface.
- set loginterface $ext_if
- # No filtering at all on loopback.
- set skip on lo0
- # Both hardening lines below are disabled: this ruleset requests no packet
- # normalisation/reassembly and no anti-spoofing.
- # NOTE(review): confirm this is deliberate; source-address trust (<trusted_hosts>)
- # is weaker without antispoof.
- #scrub on $ext_if reassemble tcp no-df random-id
- #antispoof quick for { lo0 $ext_if }
- # Default deny for inbound traffic (non-quick, so later pass rules can override it).
- block in
- # Outbound: allow everything statefully; on $ext_if the second rule is the last
- # match, so outbound TCP there also gets modulated initial sequence numbers.
- pass out all keep state
- pass out on $ext_if all modulate state
- # Trusted sources: any protocol, any port, any interface. Evaluated before the
- # abusive-host block, so a trusted address is never blocked by the overload table.
- pass in quick from <trusted_hosts>
- # Drop everything from sources that tripped an overload limit.
- block in quick from <abusive_hosts>
- # Allow ping (ICMP echo request) from anywhere; no rate limit is applied here.
- pass in inet proto icmp all icmp-type echoreq
- # Public TCP services: state is created only by an initial SYN (flags S/SA).
- # Per source address: at most 40 established connections and at most 20 new
- # connections per 5 seconds; an offender is added to <abusive_hosts> and the states
- # it created through this rule are flushed ("flush" without "global" leaves states
- # created by other rules alone).
- pass in on $ext_if proto tcp to any port $service_ports flags S/SA keep state \
- (max-src-conn 40, max-src-conn-rate 20/5, overload <abusive_hosts> flush)
- # Game ports over TCP: same scheme with a lower cap of 20 connections per source.
- pass in on $ext_if proto tcp to any port $game_ports flags S/SA keep state \
- (max-src-conn 20, max-src-conn-rate 20/5, overload <abusive_hosts> flush)
- # Game ports over UDP.
- # NOTE(review): per pf.conf(5), max-src-conn and max-src-conn-rate count TCP
- # connections that completed the three-way handshake, so on a UDP rule these limits
- # and the overload action likely never trigger and UDP floods are not throttled
- # here. UDP source addresses are also unauthenticated, so an address-based block
- # list is a poor fit for UDP; a per-source state cap (max-src-states) without
- # overload is the usual alternative. Verify on the deployed pf version.
- pass in on $ext_if proto udp to any port $game_ports keep state \
- (max-src-conn 20, max-src-conn-rate 20/5, overload <abusive_hosts> flush)