Hello everybody,

I configured pf and I used the same config for a lot of servers. But I noticed something.. strange today after a 3.9-i386 server had a reboot.

pf is started by default and the config was also used with 3.8 (same server..). Example rule pasted:

    table <dssh> persist
    pass in on $ext_if proto tcp to $web_server \
        port 22 flags S/SA keep state \
        (max-src-conn 10, max-src-conn-rate 3/10, overload <dssh> flush)

The problem I have is that pf did not add the table dssh after the startup. I noticed that during another dumb ssh brute-force today where the src. host was not blocked automatically. As I tried to take a look at all the hundreds of hosts which may also have tried a BF already using "sudo pfctl -T show -t dssh", I simply got the answer that such a table does not exist. So I added this (and some other tables for the overload stuff) by hand..

I just have the question: Is there somebody out there to whom exactly the same has happened?! I was just.. surprised by that (and maybe confused too..). :-/

Kind regards,
Sebastian
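
A post-boot check for the situation described above, as an added example that is not part of the original post: it lists every table a pf.conf references that is absent from the loaded table list. The function names, the sample files and the assumption that the loaded list holds one table name per line (as saved from `pfctl -s Tables`) are this example's own.

```shell
#!/bin/sh
# Added example: report tables referenced in pf.conf that are not loaded.

# Read pf.conf text on stdin and print each referenced <table> name once.
# Comments are stripped first so a commented-out rule is not counted.
referenced_tables() {
    sed 's/#.*$//' |
        grep -o '<[A-Za-z_][A-Za-z0-9_-]*>' |
        tr -d '<>' |
        sort -u
}

# missing_tables CONF LOADED
# CONF:   path to a pf.conf
# LOADED: file with one loaded table name per line (assumed format,
#         e.g. saved with: pfctl -s Tables > loaded.txt)
# Prints every table that CONF references but LOADED does not contain.
missing_tables() {
    conf=$1
    loaded=$2
    referenced_tables < "$conf" | while read -r t; do
        grep -qxF "$t" "$loaded" || echo "$t"
    done
}

# Constructed sample: the rule from the post plus a loaded-table list
# that lacks dssh, as the poster observed after the reboot.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/pf.conf" <<'EOF'
table <dssh> persist
pass in on $ext_if proto tcp to $web_server \
    port 22 flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/10, overload <dssh> flush)
EOF
    printf 'other_table\n' > "$dir/loaded.txt"   # constructed table list
    missing_tables "$dir/pf.conf" "$dir/loaded.txt"
    rm -rf "$dir"
}

demo
```

Run after boot, a non-empty result means an overload rule points at a table that is not there, so offending sources are not being collected.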