|
|
|
|
@ -4,6 +4,7 @@
|
|
|
|
|
# |
|
|
|
|
# Author: Nick Hilliard <nick@foobar.org> |
|
|
|
|
# Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6 |
|
|
|
|
# Modified by: Balazs Mateffy adding allproto option so all traffic gets blocked from the malicious source |
|
|
|
|
# |
|
|
|
|
# |
|
|
|
|
|
|
|
|
|
@ -26,9 +27,11 @@
|
|
|
|
|
# } |
|
|
|
|
# to your main pf ruleset, where "namei" are the names of the jails |
|
|
|
|
# which invoke this action |
|
|
|
|
# to block all protocols use the pf[protocol=all] option |
|
|
|
|
actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f- |
|
|
|
|
port="<port>"; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi |
|
|
|
|
echo "<block> proto <protocol> from <<tablename>-<name>> to <actiontype>" | <pfctl> -f- |
|
|
|
|
protocol="<protocol>"; if [ "$protocol" != "all" ]; then protocol="proto $protocol"; else protocol=all; fi |
|
|
|
|
echo "<block> $protocol from <<tablename>-<name>> to <actiontype>" | <pfctl> -f- |
|
|
|
|
|
|
|
|
|
# Option: start_on_demand - to start action on demand |
|
|
|
|
# Example: `action=pf[actionstart_on_demand=true]` |
|
|
|
|
@ -98,6 +101,7 @@ tablename = f2b
|
|
|
|
|
# |
|
|
|
|
# The action you want pf to take. |
|
|
|
|
# Probably, you want "block quick", but adjust as needed. |
|
|
|
|
# If you want to log all blocked use "blog log quick" |
|
|
|
|
block = block quick |
|
|
|
|
|
|
|
|
|
# Option: protocol |
|
|
|
|
|
repcsi
12 months ago