```
#-----------------------------------------------------------------------
public_if = "re0"
public_addr = "193.104.186.121"
#-----------------------------------------------------------------------
public_tcp_ports = "{ 25,53,80,8080,6379,11211,11300,31025,30000><50000}"
public_udp_ports = "{ 53 }"
#table <servers> { $ddns }
table <bruteforce> persist
set skip on lo0
set block-policy drop
set limit states 40000
scrub in all
# Default deny. pf applies the last matching rule unless a rule is marked "quick".
block all
# Drop traffic from sources in <bruteforce> on every port except 31025.
block in quick proto {tcp, udp} from <bruteforce> to any port != 31025
#pass quick from <servers> to any
# Per-source limits on port 80: sources that exceed them are added to
# <bruteforce> and their existing states are flushed.
# NOTE: this rule is not "quick" and port 80 is also in $public_tcp_ports,
# so the "pass in quick" rule below matches the same packets and wins;
# as written, these limits and the overload action never take effect.
pass in on $public_if proto tcp to $public_addr port 80 \
    flags S/SA keep state \
    (max-src-conn 1, max-src-conn-rate 1/1, \
    overload <bruteforce> flush global)
pass out keep state
pass in quick on $public_if proto tcp from any to $public_addr port $public_tcp_ports flags S/SA keep state
pass in quick on $public_if proto udp from any to $public_addr port $public_udp_ports keep state
#-----------------------------------------------------------------------
# ALLOW ICMP
#-----------------------------------------------------------------------
icmp_types="{ echoreq, unreach }"
pass inet proto icmp all icmp-type $icmp_types keep state
```