Positive condition for adding in the table?



by Ivan Radovanovic-3


I am new to pf configuration and I am curious whether it is possible to add
a host to a table in firewall rules if some conditions are met (not
if they are broken). I was thinking about a way to prevent port
scanning of a machine, and what came to me as the obvious way to do it is this
(in pseudocode):

block all communication with bad_guys
allow all communication with good_guys

allow any communication with my open port and put ip in good_guys table
block sending any rst packet from me and put ip in bad_guys table /*
somebody tried to connect to non-open port */


/* more criteria to remove someone from good_guys and put in bad_guys,
according to connection rate, etc */

Anyway, when I tried to code this into pf rules I discovered that I can't
put a host into a table according to a positive condition. Is there some
workaround for this?
_______________________________________________
freebsd-pf@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@..."

Re: Positive condition for adding in the table?

by Peter N. M. Hansteen-3


Ivan Radovanovic <rivanr@...> writes:

> I am new to pf configuration and I am curious whether it is possible to add
> a host to a table in firewall rules if some conditions are met (not
> if they are broken).

There are a couple of apps out there that will update pf tables for
you based on various conditions.  

One is authpf (a non-interactive user shell, frequently used for stuff
like http://home.nuug.no/~peter/pf/en/vegard.authpf.html), likely
something to build on.  Then I was going to write that dhcpd can
manipulate tables (for example, adding addresses it has assigned to a
pf table), but then I realized that OpenBSD's dhcpd is not identical
to the FreeBSD one, so that particular feature may not be available
immediately to readers of this list.

Tables are nice; more apps that interface with pf through tables would
likely be welcome.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
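The sketch in the first message, and the "apps that update pf tables" idea in the reply, can be put together in real pf syntax. The following is an added example, not code posted by either participant: a ruleset that uses pf's own `overload <table>` option (the one place pf adds an address to a table from a *pass* rule, triggered when a source exceeds a connection-rate limit) and a small script that feeds addresses blocked on closed ports into `<bad_guys>` via `pfctl -T add`. The interface name `em0`, the table names, the ports and the sample pflog lines are all assumptions made for the example.

```shell
#!/bin/sh
# Added example for the freebsd-pf thread above; not from the original posts.
# Assumed: external interface em0, tables <good_guys>/<bad_guys>, ports 22 and 80.

# Ruleset the script expects to be loaded. "overload <bad_guys> flush global"
# is pf's built-in positive-condition insertion: a source that opens more than
# 10 connections in 5 seconds to the open ports is added to <bad_guys> and all
# of its states are dropped. Anything else reaching a closed port is blocked
# and logged; that log is what blocked_sources consumes.
pf_rules() {
    cat <<'EOF'
ext_if = "em0"
table <good_guys> persist
table <bad_guys> persist

block in quick on $ext_if from <bad_guys>
pass in quick on $ext_if from <good_guys>
pass in on $ext_if proto tcp to ($ext_if) port { 22 80 } \
    keep state (max-src-conn-rate 10/5, overload <bad_guys> flush global)
block in log on $ext_if
EOF
}

# Constructed sample of what "tcpdump -n -e -ttt -r /var/log/pflog" prints
# (one pass and three blocks, two of them from the same source).
SAMPLE_PFLOG='00:00:00.000000 rule 4/0(match): block in on em0: 203.0.113.5.54321 > 192.0.2.10.23: Flags [S], seq 1, win 65535, length 0
00:00:00.000012 rule 2/0(match): pass in on em0: 198.51.100.9.40000 > 192.0.2.10.22: Flags [S], seq 2, win 65535, length 0
00:00:00.000030 rule 4/0(match): block in on em0: 198.51.100.7.1025 > 192.0.2.10.445: Flags [S], seq 3, win 8192, length 0
00:00:00.000041 rule 4/0(match): block in on em0: 203.0.113.5.54322 > 192.0.2.10.25: Flags [S], seq 4, win 65535, length 0'

# Read pflog text on stdin and print each distinct source address that hit
# a "block in" rule, once, in first-seen order.
blocked_sources() {
    awk '
        / block in on / {
            src = ""
            # the source "addr.port" is two fields after the "on" keyword
            for (i = 1; i < NF; i++) if ($i == "on") { src = $(i + 2); break }
            sub(/\.[0-9]+$/, "", src)          # strip the source port
            if (src != "" && !seen[src]++) print src
        }'
}

# Add every address on stdin to <bad_guys>, skipping anything already trusted.
# pfctl -T test exits non-zero when the address is not in the table.
ban_sources() {
    while IFS= read -r src; do
        if pfctl -t good_guys -T test "$src" >/dev/null 2>&1; then
            printf 'skipping %s: listed in <good_guys>\n' "$src" >&2
            continue
        fi
        pfctl -t bad_guys -T add "$src"
    done
}

# On a live box: feed the pflog file through the pipeline, then age out
# entries older than an hour so a mistaken ban does not become permanent.
if [ "${1:-}" = "run" ]; then
    tcpdump -n -e -ttt -r /var/log/pflog 2>/dev/null | blocked_sources | ban_sources
    pfctl -t bad_guys -T expire 3600
fi
```

Two caveats a practitioner would want here. First, `overload` only fires when a rate limit is exceeded, so it gives "add to bad_guys on too many connections" but not "add to good_guys on any successful connection"; the latter still needs an external agent such as authpf or a script. Second, the pflog-driven ban keys on the source address of an unauthenticated SYN, which an attacker can spoof, so a trusted host can be banned by someone forging its address; the `<good_guys>` exemption and the `-T expire` ageing limit the damage, but an ordering mistake (putting the `block` before the `pass ... from <good_guys>`) would lock out the very hosts you meant to keep.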