Sysop:PF
- FAQ: http://www.openbsd.org/faq/pf/
- http://www.openbsd.org/faq/pf/filter.html
- Wiki: http://www.probsd.net/pf/index.php/Main_Page
Throttling
DSL-Router
- http://www.fmi.uni-passau.de/~grafj/openbsd/3.5/index.html
- http://wiki.bsdforen.de/index.php/OpenBSD_-_Kamp-DSL
- http://www.drones.com/obsd-fw.html
Transparent Firewall
- http://www.openlysecure.org/openbsd/how-to/invisible_firewall.html
- http://www.netikus.net/documents/OpenBSDTransparentFirewall/index.html
- http://openbsd.org/faq/faq6.html#Bridge
Stop SSH Brute-Force
- http://blog.roothell.org/archives/249-Paketfilter-vs.-SSH-Bruteforcing.html
- http://home.nuug.no/~peter/pf/en/bruteforce.html
Rules for your pf:
table <bruteforce> persist
block quick from <bruteforce>
pass quick proto { tcp, udp } from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 15, max-src-conn-rate 5/3, \
    overload <bruteforce> flush global)
With OpenBSD > 4.1, you can run the following command from cron to delete old entries from the table:
pfctl -t bruteforce -T expire 86400
where 86400 specifies 24*60*60 seconds = 1 day, which means that all entries older than one day will be deleted.
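To see how the 5/3 rate limit and the 86400-second expiry interact, the following added example (not part of the original page, and not pf's own code) replays constructed connection timestamps through a simplified sliding-window model of max-src-conn-rate. The function names, the sample addresses and the exact window arithmetic are assumptions, and max-src-conn 15 is not modelled.

```python
from collections import defaultdict, deque

RATE = (5, 3)            # "max-src-conn-rate 5/3": 5 connections per 3 seconds
EXPIRE_SECONDS = 86400   # argument of "pfctl -t bruteforce -T expire"

def replay(events, rate=RATE):
    """Replay (timestamp, source_ip) pairs sorted by time.

    Returns {source_ip: time it was added to <bruteforce>}.
    Assumption: a source is overloaded when it exceeds `limit`
    new connections inside a sliding window of `window` seconds.
    """
    limit, window = rate
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    table = {}                    # stands in for the <bruteforce> table
    for ts, src in events:
        if src in table:
            continue              # "block quick from <bruteforce>" matches first
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop connections that left the window
        if len(q) > limit:
            table[src] = ts       # "overload <bruteforce>"
            del recent[src]       # "flush global": existing states are dropped
    return table

def expire(table, now, max_age=EXPIRE_SECONDS):
    """Model of the cron job: keep only entries not older than max_age seconds."""
    return {src: added for src, added in table.items() if now - added <= max_age}

# Constructed sample input (documentation address ranges, not real hosts):
# one admin logging in once a minute, one source opening two connections per second.
SAMPLE_EVENTS = sorted(
    [(t, "192.0.2.10") for t in range(0, 300, 60)]
    + [(100 + i // 2, "198.51.100.7") for i in range(10)]
)

if __name__ == "__main__":
    blocked = replay(SAMPLE_EVENTS)
    print("table after replay:", blocked)
    print("one day later:", expire(blocked, now=102 + EXPIRE_SECONDS))
    print("one day and one second later:", expire(blocked, now=102 + EXPIRE_SECONDS + 1))
```
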