moving to 5.3 and need help understanding firewalls

Matthew Seaman m.seaman at infracaninophile.co.uk
Mon Oct 25 13:32:59 PDT 2004


On Mon, Oct 25, 2004 at 12:14:03PM -0400, Louis LeBlanc wrote:
 
> I had thought about this one a bit though, and figured that it would be
> a simple translation to the external network:
> ${fwcmd} add pass log tcp from any to ${ip} 22 setup limit src-addr 4
> But I never put it in because I don't understand exactly what it will
> do.

What that does is limit you to having no more than 4 remote SSH
sessions running concurrently from any particular source address.
This can't stop probing of your port 22, but it might slow it down
some.

Hmmm...  perhaps you might find something more like:

${fwcmd} add pass log tcp from any to ${ip} 22 setup limit dst-port 4

more effective.  That limits you to no more than four incoming SSH
sessions in total.

However, the most effective defense is either to move the port sshd(8)
listens on, or to prevent people logging in using passwords at all --
key-based auth is a lot more secure all round, or use one-time
passwords.  See sshd_config(8) (particularly the description of the
ChallengeResponseAuthentication and PasswordAuthentication commands),
ssh-keygen(1), pam_unix(8) and opie(4).

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
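The rules and the sshd_config advice above, worked through as an added example that is not part of the original mail: a small POSIX shell script that builds the two ipfw "limit" rule strings (per-source and total) without loading them, and audits an sshd_config for the PasswordAuthentication and ChallengeResponseAuthentication settings the reply recommends turning off. The protected address 192.0.2.10 and the two sshd_config files are constructed assumptions for the demo; sshd's own rule that the first occurrence of a keyword wins, and that both keywords default to yes when absent, is what the audit encodes.

```shell
#!/bin/sh
# Added example (not from the original mail): build the two ipfw "limit" rules
# discussed above without loading them, and audit an sshd_config for the
# password-auth settings the reply recommends turning off.
# Assumptions: the protected host is 192.0.2.10 (a documentation address),
# and the two sshd_config files are constructed samples written to a temp dir.

fwcmd="${fwcmd:-/sbin/ipfw}"   # only echoed below, never executed
ip="${ip:-192.0.2.10}"

# Rule text: allow new SSH connections, at most $1 concurrent per source address.
ssh_rule_per_src() {
    printf 'add pass log tcp from any to %s 22 setup limit src-addr %s\n' "$ip" "$1"
}

# Rule text: allow new SSH connections, at most $1 concurrent in total
# (the state key is the destination port, which is always 22 for this rule).
ssh_rule_total() {
    printf 'add pass log tcp from any to %s 22 setup limit dst-port %s\n' "$ip" "$1"
}

# First uncommented value of keyword $2 in sshd_config $1, lowercased.
# sshd uses the first occurrence of a keyword, so later duplicates are ignored;
# a line starting with "#" never matches because its first field is "#..." .
sshd_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Return 0 if password and challenge-response logins are both disabled.
# Both keywords default to "yes" when absent, so an unset keyword counts as weak.
sshd_config_hardened() {
    pw=$(sshd_opt "$1" PasswordAuthentication)
    cr=$(sshd_opt "$1" ChallengeResponseAuthentication)
    [ "${pw:-yes}" = no ] && [ "${cr:-yes}" = no ]
}

# Constructed sample configs (not real files from any host).
tmp=$(mktemp -d)
weak_cfg="$tmp/sshd_config.weak"
strong_cfg="$tmp/sshd_config.strong"
cat > "$weak_cfg" <<'EOF'
# stock-style config: the commented line does nothing, passwords stay enabled
Port 22
#PasswordAuthentication no
ChallengeResponseAuthentication yes
EOF
cat > "$strong_cfg" <<'EOF'
# key-only logins on a non-default port
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF

echo "$fwcmd $(ssh_rule_per_src 4)"
echo "$fwcmd $(ssh_rule_total 4)"
for f in "$weak_cfg" "$strong_cfg"; do
    if sshd_config_hardened "$f"; then
        echo "$f: key-only, ok"
    else
        echo "$f: password logins still possible"
    fi
done
```

The audit deliberately treats a missing keyword as weak rather than silently passing, because the stock sshd_config ships with those lines commented out, which is exactly the case the first sample reproduces.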