Full Disclosure mailing list archives
OpenBSD protect windows update ?
From: D B <geggam692000 () yahoo com>
Date: Wed, 13 Aug 2003 12:23:01 -0700 (PDT)
Wouldn't something like this work in pf to prevent a SYN flood? I'm no expert at this, so feel free to modify.

Assuming xl0 is windows.update.com and xl1 is an internal network that serves the updates:

    # options
    set loginterface xl0
    set optimization aggressive
    set block-policy drop
    set limit { states 200000, frags 200000 }

    # packet normalization
    scrub in on xl0 all fragment reassemble random-id

    # translation: NAT the internal side out, redirect inbound HTTP to port 8080
    nat on xl0 from xl1 to any -> xl0
    rdr on xl0 proto tcp from any to any port 80 -> xl1 port 8080

    # filtering
    block in proto tcp from any to any port 80 flags FUP/FUP
    block in quick on xl0 proto { tcp, udp, icmp } from any to any

"....if all else fails, get a bigger hammer."

D B

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html