Rules for Friendlies and Unfriendlies



  • Hi Folks,

    The following rule (grabbed right from the PF documentation) works really well on a test machine with a public facing IP address:

    table <bruteforce> persist
    block quick from <bruteforce>
    
    pass inet proto tcp from any to any port ssh flags S/SA keep state (max-src-conn 15, max-src-conn-rate 15/5, overload <bruteforce> flush global)
    

    I'd love to have another table with an IP range (which are also public IPs) that gets much less strict treatment, i.e.

    table <goodguys> { 1.2.0.0/16, 3.4.0.0/16 }
    

    Of course I'm a PF newbie and don't know the best way to incorporate this, so any suggestions/tips would be most appreciated!

    Cheers, Dan
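One way to express the two-tier treatment in pf.conf, added here as an example (it is not from the thread or the PF documentation): the trusted table gets its own `quick` pass rule with looser limits, placed ahead of the strict rule so trusted sources never match it. The table names and ranges come from the question; the lenient limits (100 connections, 100 per 5 seconds) are assumed values.

```pf
# Added example, not from the original post: lenient vs. strict SSH rate limiting.
table <bruteforce> persist
table <goodguys> { 1.2.0.0/16, 3.4.0.0/16 }

# Drop anything already flagged as a brute-forcer before any pass rule can match.
block quick from <bruteforce>

# Trusted ranges match first ("quick"), so they never reach the strict rule below.
# They still get a ceiling (assumed values) so one compromised host there cannot run wild.
pass in quick inet proto tcp from <goodguys> to any port ssh flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 100/5, overload <bruteforce> flush global)

# Everyone else: the strict rule from the PF documentation.
pass in inet proto tcp from any to any port ssh flags S/SA keep state \
    (max-src-conn 15, max-src-conn-rate 15/5, overload <bruteforce> flush global)
```

`pfctl -nf /etc/pf.conf` syntax-checks the file without loading it, and `pfctl -t bruteforce -T show` lists the addresses currently flagged.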



  • Firstly, I hope you are using pfSense and defining the rules using the webGUI.
    Firewall->Aliases
    Add an Alias goodguys, type Networks, put in the networks you want.
    Firewall->Rules
    Add rule/s to pass traffic from those places, with whatever other advanced rule parameters you like.

