#Filtres badhosts et sshguard
table <pfbadhost> persist file "/etc/pf-badhost.txt"
table <sshguard> persist
table <whitelist> persist

## Table pour les batards de bruteforceurs
table <bruteforce> persist
table <http_abusive_hosts> persist

set block-policy drop                  # bloque silencieusement
set skip on lo                         # En local on s'en fou on surveille rien
set limit table-entries 400000   
set limit states 100000



## Traitement des paquets ##
# Paquets partiels on vire
match all scrub (max-mss 1440 no-df random-id reassemble tcp)
antispoof quick for egress         # Protection vol d'ip
antispoof quick for lo0            # Protection vol d'ip

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild

# On bloque tout par défault
block

block quick on egress from <pfbadhost>
block in from <sshguard>
block log quick from <bruteforce> label "brutes"

pass out on egress proto { tcp udp icmp ipv6-icmp } modulate state