From 199759f0ba0318c182a127efda1ed2a52883d96b Mon Sep 17 00:00:00 2001 From: repcsi Date: Sun, 10 Dec 2023 11:20:39 +0100 Subject: [PATCH] added pf[protocol=all] options as recommended by sebres --- THANKS | 1 + config/action.d/pf.conf | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/THANKS b/THANKS index 9dd2e47c6..7c008c2cb 100644 --- a/THANKS +++ b/THANKS @@ -22,6 +22,7 @@ Andrey G. Grozin Andy Fragen Arturo 'Buanzo' Busleiman Axel Thimm +Balazs Mateffy Bas van den Dikkenberg Beau Raines Bill Heaton diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf index 933b4de01..7181ed964 100644 --- a/config/action.d/pf.conf +++ b/config/action.d/pf.conf @@ -4,6 +4,7 @@ # # Author: Nick Hilliard # Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6 +# Modified by: Balazs Mateffy adding allproto option so all traffic gets blocked from the malicious source # # @@ -26,9 +27,11 @@ # } # to your main pf ruleset, where "namei" are the names of the jails # which invoke this action +# to block all protocols use the pf[protocol=all] option actionstart = echo "table <-> persist counters" | -f- port=""; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi - echo " proto from <-> to " | -f- + protocol=""; if [ "$protocol" != "all" ]; then protocol="proto $protocol"; else protocol=all; fi + echo " $protocol from <-> to " | -f- # Option: start_on_demand - to start action on demand # Example: `action=pf[actionstart_on_demand=true]` @@ -98,6 +101,7 @@ tablename = f2b # # The action you want pf to take. # Probably, you want "block quick", but adjust as needed. +# If you want to log all blocked use "blog log quick" block = block quick # Option: protocol