table <ddos> persist
table <bruteforce> persist
…
block log quick from { <ddos>, <bruteforce> }
…
## allow HTTP; a source that exceeds the limits is added to <ddos>
pass in inet proto tcp from any to any port http synproxy state \
    (max-src-conn 200, max-src-conn-rate 100/2, overload <ddos> flush)
…
## allow SSH; a source that exceeds the limits is added to <bruteforce>
pass in log inet proto tcp from any to any port ssh synproxy state \
    (max-src-conn 10, max-src-conn-rate 5/60, overload <bruteforce> flush)
In cron:
*/5 * * * * /sbin/pfctl -t ddos -T expire 300 >/dev/null #5 minutes
*/5 * * * * /sbin/pfctl -t bruteforce -T expire 86400 >/dev/null #1 day
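To make the thresholds in these rules concrete, here is an added example (not from the original post or from pf itself) that approximates pf's per-source accounting: max-src-conn counts concurrent states from one source, max-src-conn-rate counts new connections in a sliding window, and exceeding either limit sends the source to the overload table. The function names and the plain sliding window are my own assumptions; pf actually uses a moving-average approximation.

```python
"""Simulate the per-source overload limits from the pf rules above."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SourceLimit:
    max_src_conn: int     # max concurrent states from one source
    rate_count: int       # max-src-conn-rate: connections ...
    rate_seconds: float   # ... per this many seconds
    table: str            # overload table the source is added to


@dataclass
class SourceState:
    open_conns: int = 0                          # current states
    recent: deque = field(default_factory=deque)  # timestamps in window


# The two rules from the configuration above
HTTP = SourceLimit(200, 100, 2, "ddos")
SSH = SourceLimit(10, 5, 60, "bruteforce")


def check_new_connection(limit, state, now):
    """Account one new connection; return the overload table name when
    the source exceeds a limit (as pf does: strictly more than the limit),
    else None. Assumed simplification: a plain sliding window."""
    state.open_conns += 1
    state.recent.append(now)
    while state.recent and now - state.recent[0] >= limit.rate_seconds:
        state.recent.popleft()
    if state.open_conns > limit.max_src_conn:
        return limit.table
    if len(state.recent) > limit.rate_count:
        return limit.table
    return None


def first_overload(limit, timestamps, closes_immediately=True):
    """Feed connection timestamps from one source (constructed input).
    Return the index of the first connection that triggers overload, or
    None. closes_immediately=True models short-lived connections, so only
    the rate limit can trip; False keeps every state open."""
    state = SourceState()
    for i, t in enumerate(timestamps):
        hit = check_new_connection(limit, state, t)
        if closes_immediately:
            state.open_conns -= 1  # state removed when the connection ends
        if hit:
            return i
    return None
```

For SSH, a sixth attempt within 60 seconds is the one that lands the source in <bruteforce>; for HTTP, either 101 new connections within 2 seconds or 201 states held open does it.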
Thanks to TITANius http://forum.lissyara.su/viewtopic.php?f=8&t=24422