Diffstat (limited to 'config')
-rw-r--r-- | config/obr/badhosts | 2 | ||||
-rw-r--r-- | config/obr/pf.conf | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/config/obr/badhosts b/config/obr/badhosts
new file mode 100644
index 0000000..a7f8014
--- /dev/null
+++ b/config/obr/badhosts
@@ -0,0 +1,2 @@
+# AHrefs.com Bot
+173.199.64.0/18
diff --git a/config/obr/pf.conf b/config/obr/pf.conf
index c6a4599..77c1040 100644
--- a/config/obr/pf.conf
+++ b/config/obr/pf.conf
@@ -6,6 +6,9 @@ table <nonroutable> const { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
 # protect against brute force attacks
 table <bruteforce>
+# protect against well-known badies
+table <badhosts> persist file "/etc/badhosts"
+
 # interfaces
 ext_if = vr0
 DMZ_if = vr1
@@ -73,6 +76,9 @@ block in quick on $ext_if from any to <intNetworks>
 block in quick on $ext_if from <nonroutable> to any
 block in quick on $ext_if from any to <nonroutable>
+# block badies
+block in quick on $ext_if from <badhosts> to any
+
 # allow to jump via the firewall, protect against brute force attacks
 block quick from <bruteforce>
 pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state \
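Review bot: The entry blocks a whole /18 (about 16k addresses) on the strength of a one-line comment, with nothing recording where the attribution came from or when it was checked; address blocks get reassigned, so a future reader cannot tell whether this range still belongs to the crawler or now covers unrelated hosts. I would extend the comment to name the source and date, e.g. `# AHrefs.com Bot (AS/whois source: <...>, checked YYYY-MM-DD; re-verify before keeping)`. Since the file is loaded as a pf table, it is also worth stating in a header comment that only one address or CIDR per line and `#` comments are accepted, so later additions do not break the ruleset load.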
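Review bot: `table <badhosts> persist file "/etc/badhosts"` makes the whole ruleset load depend on that file existing: if `/etc/badhosts` is absent or unreadable, `pfctl -f` rejects pf.conf, which at boot can leave the host with no ruleset at all. The file is committed here as `config/obr/badhosts`, so the mapping to `/etc/badhosts` presumably happens at deploy time — that dependency should be stated next to the table, e.g. `# /etc/badhosts must exist (deployed from config/obr/badhosts) or the ruleset will not load`. I would also note the maintenance path, `pfctl -t badhosts -T replace -f /etc/badhosts`, so the list can be refreshed without reloading the ruleset. The typo `badies` in the comment should be `baddies`.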
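Review bot: The new `block in quick on $ext_if from <badhosts> to any` drops traffic silently, so there is no way to confirm from pflog that the table is matching or to see what the listed ranges keep attempting; for a list that is meant to be curated over time that visibility matters. I would log it: `block in log quick on $ext_if from <badhosts> to any`. The rule is placed before the ssh `pass ... keep state` rule, which is correct since later `pass` rules can no longer admit those sources, but the remainder of the ruleset is outside this hunk so any earlier `pass ... quick` rule would still take precedence. The comment typo `badies` should read `baddies`.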