PF Tips
Monday, 19 February 2007

Tip 1. Block PING to a server
------------------------------------

As a security measure you can stop your server from answering PING by blocking ICMP echo requests from anywhere to it. Edit your pf.conf and add the following line in the rules section:

block in quick on fxp0 inet proto icmp icmp-type echoreq from any to 10.0.0.1

In this rule 10.0.0.1 is the IP address of your server and fxp0 is the network interface of your server. The rule is deliberately restricted to echo requests (icmp-type echoreq): a plain "proto icmp" block would also discard other ICMP messages such as "fragmentation needed", which breaks path MTU discovery, and "block return-icmp" would answer the prober with an ICMP unreachable, confirming that a host is there. Keep in mind that not answering ping only discourages casual scans; a port scanner does not need an echo reply to find your services.


Tip 2. Protect your Web Server: block IPs with high connection rates
-----------------------------------------------------------------------------------

The following example protects a web server against any host that opens more than 100 connections in 10 seconds. Such a host is added to the <bad_hosts> table and all states originating from it are flushed; every new packet from that host is then dropped.

              table <bad_hosts> persist
              block quick from <bad_hosts>
              pass in on $ext_if proto tcp to $webserver port www flags S/SA keep state \
                     (max-src-conn-rate 100/10, overload <bad_hosts> flush global)

The table must be declared with "persist" so that PF keeps it even while it is empty; $ext_if and $webserver are macros you define earlier in pf.conf (for example ext_if="fxp0"). Addresses added by overload never expire on their own: check them with "pfctl -t bad_hosts -T show" and purge old entries from cron with "pfctl -t bad_hosts -T expire 86400". Choose the threshold after looking at your real traffic, because a large NAT gateway or proxy can legitimately exceed 100 connections in 10 seconds and the rule would then lock out every user behind it.
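To pick a sensible N/S value before deploying the rule, it helps to replay real connection timestamps through the same per-source test that max-src-conn-rate expresses. The script below is an added example for this page, not code from the original post or from PF: it takes (source IP, SYN timestamp) events, applies an exact sliding window (PF itself uses a moving-average approximation, so treat the result as an estimate), overloads a source once it exceeds the limit and, as "flush global" does, drops everything it sends afterwards. The event list, the IP addresses and the function names are constructed for the example; feed it timestamps from your own web access log to see which clients a given setting would have banned.

```python
"""Offline replay of PF's max-src-conn-rate test over constructed traffic.

Added example for this page, not code from the original post or from PF.
Given (source IP, SYN timestamp) events it applies the per-source test that
'max-src-conn-rate N/S' expresses: a source opening more than N new
connections within S seconds is overloaded into the table, and with
'flush global' every later packet from it is dropped.  The exact sliding
window, the sample events and the function names are assumptions here.
"""
from collections import defaultdict, deque


def find_overloaded(events, max_conn=100, seconds=10):
    """Replay events and return (overloaded, dropped).

    events:  iterable of (ip, ts), ts being the SYN time in seconds.
    returns: overloaded - dict ip -> timestamp at which the limit tripped
             dropped    - number of later connections from overloaded
                          sources that 'block quick from <bad_hosts>' drops
    """
    windows = defaultdict(deque)   # ip -> SYN times still inside the window
    overloaded = {}
    dropped = 0
    for ip, ts in sorted(events, key=lambda e: e[1]):
        if ip in overloaded:
            dropped += 1           # already in <bad_hosts>: packet is dropped
            continue
        q = windows[ip]
        q.append(ts)
        while ts - q[0] >= seconds:
            q.popleft()            # forget SYNs that fell out of the window
        if len(q) > max_conn:      # more than N connections in S seconds
            overloaded[ip] = ts
            del windows[ip]        # 'flush global': its existing states go
    return overloaded, dropped


def sample_events():
    """Constructed traffic (not real data): a normal client, a busy NAT
    gateway sitting exactly at the limit, and a flooder."""
    events = []
    events += [("192.0.2.10", 0.5 * i) for i in range(20)]      # 20 in 10 s
    events += [("198.51.100.7", 0.1 * i) for i in range(100)]   # 100 in 10 s
    events += [("203.0.113.99", 0.05 * i) for i in range(150)]  # 150 in 7.5 s
    return events


def report(events, max_conn=100, seconds=10):
    """Human-readable summary of what a given N/S setting would do."""
    overloaded, dropped = find_overloaded(events, max_conn, seconds)
    lines = ["max-src-conn-rate %d/%d:" % (max_conn, seconds)]
    for ip, ts in sorted(overloaded.items(), key=lambda kv: kv[1]):
        lines.append("  %-15s overloaded at t=%.2fs" % (ip, ts))
    lines.append("  %d later connections dropped" % dropped)
    return "\n".join(lines)


if __name__ == "__main__":
    # At 100/10 only the flooder is banned; lowering the limit to 99/10
    # would also ban the NAT gateway and everyone behind it.
    print(report(sample_events(), 100, 10))
    print(report(sample_events(), 99, 10))
```

Run it against timestamps extracted from your own access log (one event per accepted TCP connection, not per HTTP request, since keep-alive clients reuse connections) and look at the sources listed under your candidate setting before you enable overload.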


Last Updated (Monday, 19 February 2007)