# PF Firewall Rules To Block DDOS attack



## kinal (Aug 14, 2009)

Dear all,

Now I've got a problem with a DDoS attack on my network, and I've decided to use the PF software firewall to protect my network from the attacker, but I'm having trouble setting up the rules to block this kind of attack because I'm a new user of this software.
Could anyone help me with this issue please?

Thanks


----------



## dennylin93 (Aug 15, 2009)

The PF section in the Handbook should be enough to get PF up and running. As for the configuration file, pf.conf() would probably be the best resource.

For the DoS part, take a look at stateful tracking options.

Some sample code:

```
# Table of offending source addresses; "persist" keeps it across rule reloads
table <bruteforce> persist
# Allow SSH, but track each source: more than 2 new connections in 10 seconds
# moves that source into <bruteforce> and flushes its existing states
pass in proto tcp from any to any port ssh flags S/SA keep state \
    (source-track rule, max-src-conn-rate 2/10, overload <bruteforce> flush global)
# Drop all traffic to and from addresses in the table
block drop in quick from <bruteforce> to any
block out quick from any to <bruteforce>
```

A bit of experimentation might be needed before the actual rules fit your needs. DDoS is harder to block than DoS since the connections come from more than one IP.
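As an added example (not from the post above), a fuller pf.conf fragment built on the same stateful tracking options, extended with `synproxy state` so that SYN floods against public services are answered by PF rather than the daemon; the interface name `em0`, the ports and the numeric limits are assumptions to tune for your own traffic:

```pf
# Assumed external interface; adjust to the host
ext_if = "em0"

# Offenders collected by the overload rules below; persists across reloads
table <bruteforce> persist

set skip on lo0
# Drop packets arriving on $ext_if with a source address belonging to the
# local networks (spoofed traffic)
antispoof quick for $ext_if

# Default deny; every pass rule below must earn its place
block all

# Anything already in the table is dropped before any pass rule is evaluated
block drop in quick on $ext_if from <bruteforce> to any
block drop out quick on $ext_if from any to <bruteforce>

# Public web services: synproxy completes the TCP handshake on behalf of
# the server, so half-open connections from a SYN flood never reach it.
# Per source: at most 100 established connections and 15 new ones per
# 5 seconds; exceeding either limit moves the source into <bruteforce>
# and flushes all of its existing states.
pass in on $ext_if proto tcp from any to ($ext_if) port { 80 443 } \
    flags S/SA synproxy state \
    (source-track rule, max-src-conn 100, max-src-conn-rate 15/5, \
     overload <bruteforce> flush global)

# SSH: tighter limits, since legitimate users open very few connections
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (source-track rule, max-src-conn 5, max-src-conn-rate 3/30, \
     overload <bruteforce> flush global)

# Outbound traffic from this host is allowed and tracked statefully
pass out on $ext_if keep state

# Operational notes (run as root, not part of pf.conf):
#   pfctl -nf /etc/pf.conf             syntax-check before loading
#   pfctl -t bruteforce -T show        list blocked sources
#   pfctl -t bruteforce -T expire 86400
#     drop entries idle for more than a day; run this from cron so a
#     shared or reassigned address is not blocked forever
```

The limits are per source address, so against a distributed flood they protect the daemon from any single host's share of the traffic but will not stop the aggregate on their own; the table size and `pfctl -vvsr` counters show whether the overload rules are actually firing.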


----------

