PF rdr and block fail2ban

I can't seem to block traffic that is redirected via rdr
Code:
rdr pass on $ext_if proto tcp from any to $ext_ip_jails port 25 -> $jail_mail_ip port 25
block drop in on $ext_if from 1.2.3.4 to any
With these rules 1.2.3.4 can still access the smtpd on $jail_mail_ip.
How do I block redirected traffic so I can get use of fail2ban in this case?
 
Adding pass after rdr will directly pass this rule without looking at any other rules. Another thing I was missing was "last rule wins", which means the block rule must be the last.
 
You can use the quick keyword to "short circuit" the rule evaluation, and that allows you to place your block rules first. I have built my own PF rulesets so that the rules for blocking any unwanted traffic are at the very beginning; this requires the use of the quick keyword.
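Putting the two points from this thread together (drop the pass from the rdr rule so translated packets still hit the filter, and use quick so a block placed first wins), here is an added example ruleset; it is not the original poster's configuration. The interface name, the addresses and the <fail2ban> table name are assumptions; substitute your own values.

```pf
# Added example, not the poster's ruleset. Macro values and the
# <fail2ban> table name are assumptions.
ext_if       = "em0"
ext_ip_jails = "198.51.100.10"
jail_mail_ip = "10.0.0.25"

# Table that fail2ban (or an operator) populates with banned addresses.
# 1.2.3.4 is pre-loaded here only to illustrate the block.
table <fail2ban> persist { 1.2.3.4 }

# Translation: redirect SMTP on the public jail address to the mail jail.
# No "pass" keyword, so the translated packet still goes through the
# filter rules below instead of bypassing them.
rdr on $ext_if proto tcp from any to $ext_ip_jails port 25 -> $jail_mail_ip port 25

# Filtering: "quick" stops evaluation at the first match, so banned hosts
# are dropped here no matter which pass rules follow ("last rule wins"
# never gets a chance to override it).
block drop in quick on $ext_if from <fail2ban> to any

# Allow SMTP to the mail jail for everyone else. The destination is the
# translated (post-rdr) address, because filter rules see packets after
# translation has been applied.
pass in on $ext_if proto tcp from any to $jail_mail_ip port 25
```

Check the file before loading it with pfctl -nf /etc/pf.conf, and confirm the ban list with pfctl -t fail2ban -T show; with this ordering a banned address is dropped before the rdr'd SMTP traffic ever reaches the pass rule.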