Rules for Friendlies and Unfriendlies
-
Hi Folks,
The following rule (grabbed right from the PF documentation) works really well on a test machine with a public facing IP address:
table <bruteforce> persist
block quick from <bruteforce>
pass inet proto tcp from any to any port ssh flags S/SA keep state (max-src-conn 15, max-src-conn-rate 15/5, overload <bruteforce> flush global)
I'd love to have another table with an IP range (which are also public IPs) that gets much less strict treatment, i.e.
table <goodguys> { 1.2.0.0/16, 3.4.0.0/16 }
Of course I'm a PF newbie and don't know the best way to incorporate this, so any suggestions/tips would be most appreciated!
Cheers, Dan
-
Firstly, I hope you are using pfSense and defining the rules using the webGUI.
Firewall->Aliases
Add an Alias goodguys, type Networks, put in the networks you want.
Firewall->Rules
Add rule/s to pass traffic from those places, with whatever other advanced rule parameters you like.
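For readers working with a raw pf.conf rather than the webGUI, here is one way to combine the strict rule from the question with a more lenient tier for the friendly ranges. This is an added example, not from either poster; the goodguys limits (100 connections, 100 per 5 seconds) are assumed values to adjust for your own traffic.

```pf
# Added example (not from either poster): a lenient tier for <goodguys>
# next to the strict <bruteforce> rule from the thread.
# Assumed: the goodguys limits below; tune them to your own traffic.
table <goodguys> { 1.2.0.0/16, 3.4.0.0/16 }
table <bruteforce> persist

# Offenders already in the table are dropped before anything else.
block quick from <bruteforce>

# Friendly ranges: listed before the strict rule and marked quick, so a
# match stops evaluation here. There is no overload clause, so these
# sources are never added to <bruteforce> and cannot trip the block above.
pass quick inet proto tcp from <goodguys> to any port ssh \
    flags S/SA keep state (max-src-conn 100, max-src-conn-rate 100/5)

# Everyone else: the strict rule from the original post, unchanged.
pass inet proto tcp from any to any port ssh flags S/SA \
    keep state (max-src-conn 15, max-src-conn-rate 15/5, \
    overload <bruteforce> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and inspect who has been caught with `pfctl -t bruteforce -T show`. On pfSense, the alias plus rule approach in the reply above produces the same ordering without editing pf.conf by hand.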