Re: [Fwbuilder-discussion] Custom rules
From: <va...@vk...> - 2006-09-27 00:53:49
On Sep 26, 2006, at 5:46 PM, Matthias Fechner wrote:

> Hello Vadim,
>
> * Vadim Kurland <va...@vk...> [26-09-06 08:13]:
>> you may want to try 2.1 beta, I publish FreeBSD port files on the
>> nightly builds site. 2.1 has a number of new features so it may do
>> what you want, such as it supports branching rules (using anchors in
>> PF), address tables with references to external files, dns name
>> objects, etc.
>
> thx a lot, I upgraded now to the new version (build 128).
> I checked the howtos and the user manual but I did not find how to
> implement such a rule:
>
> <--cut-->
> table <bruteforce> persist

create an AddressTable object pointing at a dummy empty file and configure the object to load addresses at compile time. The file can be used to populate the table initially.

> block quick from <bruteforce>

fwbuilder generates pf rules using the 'quick' clause, so the block goes at the bottom and all pass rules will have 'quick' on them

> pass inet proto tcp from any to $localnet port $tcp_services \
>     flags S/SA keep state \
>     (max-src-conn 100, max-src-conn-rate 15/5, \
>      overload <bruteforce> flush global)
> <--cut-->
>

define a Network object to be what you want $localnet to be, put it in Destination

define a TCP Service object or group of TCPService objects to cover what you want $tcp_services to be, put that in the Service rule element of the rule

open the rule options dialog by double clicking in the Options rule element, set up max-src-conn, max-src-conn-rate options, as well as the name of the table and check checkboxes for 'flush' and 'global'

max-src-conn, max-src-conn-rate, overload are only available in build 128 and later.
> Or something like this one:
> <--cut-->
> altq on $ext_if cbq bandwidth 10Mb queue { def, mostofmybandwidth, notalot }
> queue def bandwidth 20% cbq(default borrow red)
> queue mostofmybandwidth 77% cbq(default borrow red) { most_lowdelay, most_bulk }
> queue most_lowdelay priority 7
> queue most_bulk priority 7
> queue notalot 3% cbq

traffic shaping rules are not supported

> block all
> pass from $localnet to any port $allowedports keep state queue mostofmybandwidth
> pass from $iptostarve to any port $allowedports keep state queue notalot
> <--cut-->
>
> Best regards,
> Matthias
>
> --
> "Programming today is a race between software engineers striving to
> build bigger and better idiot-proof programs, and the universe trying to
> produce bigger and better idiots. So far, the universe is winning." -- Rich Cook
>
> _______________________________________________
> Fwbuilder-discussion mailing list
> Fwb...@li...
> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
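As an added illustration (not fwbuilder output and not part of the thread), the following hand-written pf.conf fragment lays out the overload policy the way the reply above describes the generated ruleset: pass rules carry `quick`, the catch-all block sits at the bottom, and the `<bruteforce>` table is seeded from a file. Because every rule is `quick`, the first match wins, so the block on the table has to come before the pass rule that feeds it; otherwise an address already in the table would still be passed. The interface name, network, port list and file path are placeholders.

```pf
# Added example: hand-written equivalent of the policy discussed in the thread,
# not generated by fwbuilder. All names and values below are placeholders.
ext_if = "em0"                           # placeholder external interface
localnet = "192.0.2.0/24"                # placeholder (RFC 5737 documentation range)
tcp_services = "{ 22, 80, 443 }"         # placeholder list of exposed TCP ports

# "persist" keeps the table even when the seed file is empty. Addresses added
# by "overload" exist only in the kernel; the file is just the initial content.
table <bruteforce> persist file "/etc/pf/bruteforce.txt"

# Sources already in the table are dropped before any pass rule is evaluated.
block in quick on $ext_if from <bruteforce>

# A source exceeding 100 concurrent connections, or 15 new connections within
# 5 seconds, is added to <bruteforce>; "flush global" tears down every state
# that source currently holds, not only states created by this rule.
pass in quick on $ext_if inet proto tcp from any to $localnet port $tcp_services \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
     overload <bruteforce> flush global)

# Catch-all at the bottom, as in the generated ruleset.
block in on $ext_if all
```

Once loaded, `pfctl -t bruteforce -T show` lists the addresses currently blocked, `pfctl -t bruteforce -T expire 86400` removes entries that have been idle for more than a day (there is no automatic timeout on overload tables, so something like this belongs in cron), and `pfctl -t bruteforce -T flush` empties the table entirely.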