Banning ips for some time?

Christian Tischler mail at
Wed Jan 26 23:39:58 PST 2005

Sandy Rutherford wrote:

>On Tue, 25 Jan 2005 you wrote:
> > .... my servers sshd reports 30 to 50 failed 
> > root/operator/etc. logins a day. I would like to block the incoming ip 
> > for a few days automaticly after e.g failed login requests.
> > Currently I am using ipf, but it would be no problem to use any other 
> > FreeBSD firewall.
>For peace of mind, you can always use the AllowGroups, AllowUsers,
>PermitRootLogin, .... options in sshd_config to remove ssh access to
>root, uucp, operator, and other system accounts.  I only permit ssh
>access to user accounts.  The scripts which are making these login
>attempts are not typically going to try user accounts for obvious
>reasons.  If you need off-site root access you should be using su or
>sudo bash anyway.  I would recommend always turning off root access
>via ssh.
>freebsd-questions at mailing list
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"
Thanks for the answer. You described roughly the way I run sshd by now.


More information about the freebsd-questions mailing list