IceShiva

PF issue

Question

Hello. I started my server two days ago, but sometimes I have problems with DoS from an unknown source, so I got the idea to run pf with limiting rules, but my rules don't log the overloaded traffic; otherwise, of course, it works fine.

# Interface name
if="igb0"

# Flags and settings for stateful connections.
# S/SAFR: only a bare SYN creates state, so every TCP state starts with a full
# 3-way handshake, which is what max-src-conn counts.
tcp_state="flags S/SAFR keep state"
udp_state="keep state"

# Ports for the game
tcp_world="{ 13001 13011 16001 17011 18001 19011 20001 20011 13099 13199 }"
p2p_tcp_world="{ 14010 14021 16010 17021 18010 19021 20010 20021 14099 14199 }"
udp_world="{ 13001 13011 16001 17011 18001 19011 20001 20011 13099 13199 }"
p2p_udp_world="{ 14010 14021 16010 17021 18010 19021 20010 20021 14099 14199 }"
tcp_auth="{ 11111 11112 }"
p2p_tcp_auth="{ 22222 22223 }"
udp_auth="{ 11111 11112 }"
p2p_udp_auth="{ 22222 22223 }"

# Limits.
# max-src-conn and max-src-conn-rate count only TCP connections that completed
# the 3-way handshake, and only those two options feed an overload table. A SYN
# flood never completes the handshake, so it never reaches the table; cap it
# with max-src-states. UDP has no handshake, so max-src-conn does nothing on a
# UDP rule: max-src-states is the only per-source UDP limit, and it drops the
# excess without adding anything to a table.
# "flush" kills the offender's states created by this rule; "flush global"
# kills all of its states. With max-src-conn 1, two players behind one NAT
# address will overload each other.
world_limit="(max-src-conn 10, max-src-states 100, overload <world_limit_blocked> flush)" #TEST
#world_limit="(max-src-conn 10, max-src-conn-rate 40/10, max-src-states 100, overload <world_limit_blocked> flush)"
world_udp_limit="(source-track rule, max-src-states 100)"
#world_p2p_limit="(max-src-conn 10, max-src-conn-rate 100/10, overload <world_limit_blocked> flush)"
auth_limit="(max-src-conn 1, max-src-states 10, overload <auth_blocked> flush)" #TEST
#auth_limit="(max-src-conn 3, max-src-conn-rate 10/10, max-src-states 10, overload <auth_blocked> flush)"
auth_udp_limit="(source-track rule, max-src-states 10)"
#auth_p2p_limit="(max-src-conn 1, max-src-conn-rate 10/10, overload <auth_blocked> flush)"


## Tables
# "persist file" only LOADS addresses from the file when the ruleset is
# loaded; pf never writes to it, so these files are not logs. Overloaded
# sources live in the kernel table:
#   pfctl -t world_limit_blocked -T show                             (inspect)
#   pfctl -t world_limit_blocked -T show > /home/main/world.blocked  (save)
table <world_limit_blocked> persist file "/home/main/world.blocked"
table <auth_blocked> persist file "/home/main/auth.blocked"

## Options
set block-policy drop
set loginterface $if
set optimization normal
set skip on lo0
set state-policy if-bound
# With debug misc the kernel prints "pf_src_connlimit: blocking address ..."
# to the console log (dmesg) each time a source is overloaded.
set debug misc
## Normalization
scrub in all

# Filtering
# Block and log everything from sources that tripped the limits. These rules
# only match packets sent AFTER a source landed in the table; the overload
# itself does not produce a pflog entry.
block in log quick on $if from <world_limit_blocked> to $if
block in log quick on $if from <auth_blocked> to $if

# Default deny, logged. "log" writes to pflog0, not to a text file:
#   tcpdump -n -e -ttt -i pflog0          (live)
#   tcpdump -n -e -ttt -r /var/log/pflog  (pflogd archive)
block log all

# ICMP without restrictions
pass in inet proto icmp all

# Some services without restrictions
pass in on $if inet proto tcp from any to any port 22    # SSH (TCP only)
pass in on $if inet proto udp from any to any port 22    # SSH does not use UDP; this opens nothing useful
pass in on $if inet proto tcp from any to any port 3306  # MySQL, exposed to the whole Internet; restrict the source if possible
pass in on $if inet proto tcp from any to any port 53    # DNS-TCP
pass in on $if inet proto udp from any to any port 53    # DNS-UDP


# Filtering world
pass in on $if inet proto tcp from any to $if port $tcp_world $tcp_state $world_limit
pass in on $if inet proto udp from any to $if port $udp_world $udp_state $world_udp_limit
# "from $if" matches only packets whose source is this interface's own address
pass in on $if inet proto tcp from $if to $if port $p2p_tcp_world
pass in on $if inet proto udp from $if to $if port $p2p_udp_world

# Filtering auth
pass in on $if inet proto tcp from any to $if port $tcp_auth $tcp_state $auth_limit
pass in on $if inet proto udp from any to $if port $udp_auth $udp_state $auth_udp_limit
pass in on $if inet proto tcp from $if to $if port $p2p_tcp_auth
pass in on $if inet proto udp from $if to $if port $p2p_udp_auth


# Outgoing traffic (without limits)
pass out on $if inet from $if to any



Here is my simple firewall. Can anyone check for the problem? All log files exist.

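Why the overload table stays empty under a SYN or UDP flood is easier to see in a model than in prose. The script below is an added example: it is not code from the post above and not pf's own code, but a simplified model of the pf.conf(5) source-tracking semantics (max-src-conn, max-src-conn-rate, max-src-states, overload ... flush) run over constructed traffic: a SYN flood that never completes a handshake, one client that opens twelve complete TCP connections, and a UDP flood. The addresses, timings, the limit values in CORRECTED and the helper names are assumptions made for the example; states never expire in the model.

```python
"""Model of pf per-source limits: which sources reach an overload table.

Added example, not pf code. Simplified after pf.conf(5):
  max-src-conn N        counts TCP connections whose handshake completed;
                        the (N+1)th concurrent one overloads the source.
  max-src-conn-rate N/T counts completed handshakes per T-second window;
                        the (N+1)th in a window overloads the source.
  max-src-states N      counts states of any protocol; the (N+1)th is
                        dropped and nothing is added to any table.
Only the two TCP counters feed an overload table.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Limits:
    max_src_conn: Optional[int] = None
    max_src_conn_rate: Optional[Tuple[int, int]] = None  # (connections, seconds)
    max_src_states: Optional[int] = None


@dataclass
class SrcNode:
    """Per-source counters, like pf's source-tracking node."""
    states: int = 0         # state entries attributed to the source
    conn: int = 0           # TCP connections that completed the handshake
    rate_count: int = 0     # completed handshakes in the current window
    rate_last: float = 0.0  # start of the current window


class Rule:
    def __init__(self, proto: str, limits: Limits) -> None:
        self.proto, self.limits = proto, limits
        self.nodes: Dict[str, SrcNode] = defaultdict(SrcNode)
        self.overload: Set[str] = set()  # the <overload> table
        self.dropped = 0                 # packets refused by max-src-states

    def packet(self, t: float, src: str, proto: str, event: str) -> None:
        """event: 'syn' (new TCP state), 'established' (handshake done) or
        'udp' (new UDP state). A tabled source is handled by the
        'block ... from <table>' rule, so this rule never sees it again."""
        if proto != self.proto or src in self.overload:
            return
        node, lim = self.nodes[src], self.limits
        if event in ("syn", "udp"):
            if lim.max_src_states is not None and node.states >= lim.max_src_states:
                self.dropped += 1  # refused, but neither tabled nor logged
                return
            node.states += 1
            return
        if event != "established":
            raise ValueError(event)
        over = False
        node.conn += 1
        if lim.max_src_conn is not None and node.conn > lim.max_src_conn:
            over = True
        if lim.max_src_conn_rate is not None:
            limit, seconds = lim.max_src_conn_rate
            if t - node.rate_last >= seconds:  # fixed window, reset on expiry
                node.rate_count, node.rate_last = 0, t
            node.rate_count += 1
            if node.rate_count > limit:
                over = True
        if over:
            self.overload.add(src)
            node.states = node.conn = 0  # 'flush': kill the source's states


def sample_traffic() -> List[Tuple[float, str, str, str]]:
    """Constructed traffic (documentation addresses), not a capture."""
    pkts = []
    # SYN flood: 500 SYNs in 5 s, none of which completes the handshake.
    pkts += [(i * 0.01, "198.51.100.7", "tcp", "syn") for i in range(500)]
    # One client opening 12 complete TCP connections in 1.2 s.
    for i in range(12):
        pkts.append((i * 0.1, "203.0.113.9", "tcp", "syn"))
        pkts.append((i * 0.1 + 0.05, "203.0.113.9", "tcp", "established"))
    # UDP flood: 300 datagrams in 3 s, each creating a new state.
    pkts += [(i * 0.01, "192.0.2.33", "udp", "udp") for i in range(300)]
    pkts.sort(key=lambda p: p[0])
    return pkts


def run(tcp_limits: Limits, udp_limits: Limits) -> Dict[str, object]:
    tcp, udp = Rule("tcp", tcp_limits), Rule("udp", udp_limits)
    for t, src, proto, event in sample_traffic():
        tcp.packet(t, src, proto, event)
        udp.packet(t, src, proto, event)
    return {"tcp_overload": sorted(tcp.overload), "tcp_dropped": tcp.dropped,
            "udp_overload": sorted(udp.overload), "udp_dropped": udp.dropped}


# The post's TEST settings: max-src-conn 10 on both the TCP and the UDP rule.
ORIGINAL = (Limits(max_src_conn=10), Limits(max_src_conn=10))
# Assumed corrected settings: TCP keeps the overload counters and adds a state
# cap against SYN floods; UDP gets the only limit that applies to it.
CORRECTED = (Limits(max_src_conn=10, max_src_conn_rate=(5, 10), max_src_states=100),
             Limits(max_src_states=50))

if __name__ == "__main__":
    for name, (tcp_l, udp_l) in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, run(tcp_l, udp_l))
```

Under the original settings only 203.0.113.9, the client that completed eleven handshakes, ends up in the table; the SYN flooder and the UDP flooder are never tabled, so nothing from them is ever logged by the block-from-table rules. The corrected settings still table the same client, and now drop 400 of the flooder's SYNs and 250 of the UDP datagrams, but those drops happen silently: with pf, a UDP or SYN flood shows up in `pfctl -s info` counters and `pfctl -vs rules` hit counts, not in the overload table.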
0 answers to this question


There have been no answers to this question yet
