I made the protection on my freebsd using pf.conf compiling kenel Anyone know if this and so enough to prevent invasion
esse e meu pf
ext_if = "nfe0"
service_ports = "{ 22, 80}"
game_ports = "{11002,13099,13009,13011,13013,13015,13002,13005,13006,13007,13001,13003,13004}"
table <trusted_hosts> const {127.0.0.1 , }
table <abusive_hosts> persist
set block-policy drop
set loginterface $ext_if
set skip on lo
scrub on $ext_if reassemble tcp no-df random-id
antispoof quick for { lo0 $ext_if }
block in
pass out all keep state
pass out on $ext_if all modulate state
pass in quick from <trusted_hosts>
block in quick from <abusive_hosts>
pass in inet proto icmp all icmp-type echoreq
pass in on $ext_if proto tcp to any port $service_ports flags S/SA keep state (max-src-conn 30, max-src-conn-rate 15/5, overload <abusive_hosts> flush)
pass in on $ext_if proto {tcp,udp} to any port $game_ports flags S/SA keep state (max-src-conn 30, max-src-conn-rate 15/5, overload <abusive_hosts> flush)
if anyone knows another and please inform me