|
|
|
@ -4,6 +4,7 @@
|
|
|
|
|
#
|
|
|
|
|
# Author: Nick Hilliard <nick@foobar.org>
|
|
|
|
|
# Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6
|
|
|
|
|
# Modified by: Balazs Mateffy adding allproto option so all traffic gets blocked from the malicious source
|
|
|
|
|
#
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
@ -26,9 +27,11 @@
|
|
|
|
|
# }
|
|
|
|
|
# to your main pf ruleset, where "namei" are the names of the jails
|
|
|
|
|
# which invoke this action
|
|
|
|
|
# to block all protocols use the pf[protocol=all] option
|
|
|
|
|
actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f-
|
|
|
|
|
port="<port>"; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi
|
|
|
|
|
echo "<block> proto <protocol> from <<tablename>-<name>> to <actiontype>" | <pfctl> -f-
|
|
|
|
|
protocol="<protocol>"; if [ "$protocol" != "all" ]; then protocol="proto $protocol"; else protocol=all; fi
|
|
|
|
|
echo "<block> $protocol from <<tablename>-<name>> to <actiontype>" | <pfctl> -f-
|
|
|
|
|
|
|
|
|
|
# Option: start_on_demand - to start action on demand
|
|
|
|
|
# Example: `action=pf[actionstart_on_demand=true]`
|
|
|
|
@ -98,6 +101,7 @@ tablename = f2b
|
|
|
|
|
#
|
|
|
|
|
# The action you want pf to take.
|
|
|
|
|
# Probably, you want "block quick", but adjust as needed.
|
|
|
|
|
# If you want to log all blocked use "blog log quick"
|
|
|
|
|
block = block quick
|
|
|
|
|
|
|
|
|
|
# Option: protocol
|
|
|
|
|