path: root/config/obr/pf.conf
Diffstat (limited to 'config/obr/pf.conf')
-rw-r--r--config/obr/pf.conf6
1 files changed, 6 insertions, 0 deletions
diff --git a/config/obr/pf.conf b/config/obr/pf.conf
index c6a4599..77c1040 100644
--- a/config/obr/pf.conf
+++ b/config/obr/pf.conf
@@ -6,6 +6,9 @@ table <nonroutable> const { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
# protect against brute force attacks
table <bruteforce>
+# protect against well-known badies
+table <badhosts> persist file "/etc/badhosts"
+
# interfaces
ext_if = vr0
DMZ_if = vr1
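Review bot: The `table <badhosts> persist file "/etc/badhosts"` line reads the file only when the ruleset is loaded, so later edits to /etc/badhosts take no effect until the table is refreshed (e.g. `pfctl -t badhosts -T replace -f /etc/badhosts`) or the rules are reloaded, and the comment should say so. If the file is missing or unreadable at load time, loading the whole ruleset is likely to fail (worth confirming on the target pf version), so the file should exist before this config is deployed and be kept root-owned and not group- or world-writable, since anyone who can edit it decides which sources the firewall drops. I would also fix the typo in the new comment: `# protect against well-known bad hosts (loaded from /etc/badhosts at rule load; refresh the table after editing the file)`.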
@@ -73,6 +76,9 @@ block in quick on $ext_if from any to <intNetworks>
block in quick on $ext_if from <nonroutable> to any
block in quick on $ext_if from any to <nonroutable>
+# block badies
+block in quick on $ext_if from <badhosts> to any
+
# allow to jump via the firewall, protect against brute force attacks
block quick from <bruteforce>
pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state \