Monday, 19 February 2007

Tip 1. Block PING to a server

As a security measure, you can block PING by blocking ICMP echo requests from all hosts to your server. Edit your pf.conf file and add the following line in the rules section:

block return-icmp in quick on fxp0 proto icmp from any to

In this firewall rule is the IP of your server, and fxp0 is the network interface of your server.

Tip 2. Protect your Web Server: block IPs with high connection rates

The following example protects a web server against any host that makes more than 100 connections per 10 seconds. Any host that does this is added to the <bad_hosts> table and has all states originating from it flushed. Any new packets coming from that host are then dropped.

              # Table of offending hosts, filled by the overload option below
              table <bad_hosts> persist
              block quick from <bad_hosts>
              pass in on $ext_if proto tcp to $webserver port www flags S/SA keep state \
                     (max-src-conn-rate 100/10, overload <bad_hosts> flush global)
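Before enabling the rule, the 100/10 threshold can be replayed over connection timestamps from your own web server to see which sources it would put into <bad_hosts>. The following is an added example, not part of the original tip: it uses a plain sliding window as an approximation of max-src-conn-rate (not pf's internal counter), and the function names and sample addresses are constructed.

```python
from collections import defaultdict, deque


def sample_events():
    """Constructed sample: (unix_second, source_ip) per new TCP connection."""
    events = []
    # 192.0.2.10 opens 150 connections in 5 seconds (30 per second).
    for i in range(150):
        events.append((1000 + i // 30, "192.0.2.10"))
    # 198.51.100.7 opens 120 connections over 60 seconds (2 per second).
    for i in range(120):
        events.append((1000 + i // 2, "198.51.100.7"))
    return sorted(events)


def hosts_over_rate(events, limit=100, window=10):
    """Return {ip: timestamp} for each source that makes more than `limit`
    new connections within any `window`-second span. The timestamp is the
    moment the source first crosses the limit, i.e. when the overload
    action would add it to the table."""
    recent = defaultdict(deque)   # per-source timestamps inside the window
    flagged = {}
    for ts, ip in sorted(events):
        if ip in flagged:
            continue              # already in the table: packets are dropped
        q = recent[ip]
        q.append(ts)
        # Discard connections that have aged out of the window.
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) > limit:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, ts in hosts_over_rate(sample_events()).items():
        print(f"{ip} would be added to <bad_hosts> at t={ts}")
```

The second sample host makes more than 100 connections in total but never within 10 seconds, so it is not flagged. Running the same function over real logs shows whether busy legitimate sources would trip the limit.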

Last Updated ( Monday, 19 February 2007 )
