securing SSH, FBSD systems

Francisco Reyes lists at natserv.com
Mon May 23 19:30:14 PDT 2005


On Mon, 23 May 2005, Tony Shadwick wrote:

> Is there an effective way to manage that list?  I mean, it seems to me that 
> you'd be adding mass routes to /etc/rc.conf.  How are you going about this.

See
http://public.natserv.net/blackholing.tar.bz2

I put a shell script, an awk file and a mini readme.

> Otherwise, it sounds like very good advice.

It is not without its problems...
In particular one needs to clean the sshd.log file every time one runs the 
program. I may improve it later.

> Of course, I tend to manage a 
> hardware firewall in front of any of my machines, so the blackholing should 
> really occur there.

That would be one possible place.


> I wonder if that technique works under Linux as well?

Don't know. If you have access to a Linux box you could man route and see. 
It possibly could exist there too.

> manage reading my firewall rules. ;)

I found it got too messy to read firewall rules when I had blackholing 
there too. Also the feedback I got was that firewall rule was a flat list, 
while the route system used some type of tree.

In all honesty my machine has so little traffic that I doubt either way 
would be much of an issue. I just found it simpler to manage having the 
blackholing outside the firewall rules. That way the firewall rules are 
"generic" to ports and few IPs.
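As an added illustration of the approach discussed in this thread (this is not the script from the tarball linked above), the following POSIX shell script reads sshd log lines, counts authentication failures per source address, and prints the FreeBSD route(8) commands that would blackhole every address over a threshold. The log lines are constructed for the example, the ALLOW list and the threshold of three are assumptions, and the script only prints the commands rather than running them.

```shell
#!/bin/sh
# Added example, not the script from the post's tarball: turn sshd failures
# into FreeBSD blackhole routes.  Prints route(8) commands; never runs them.

# Constructed sample sshd log lines in syslog format (not real traffic).
SAMPLE_LOG='May 23 19:01:02 box sshd[811]: Failed password for root from 203.0.113.5 port 4455 ssh2
May 23 19:01:05 box sshd[811]: Failed password for root from 203.0.113.5 port 4456 ssh2
May 23 19:01:09 box sshd[813]: Invalid user admin from 203.0.113.5
May 23 19:01:30 box sshd[815]: Failed password for invalid user test from 192.0.2.9 port 6001 ssh2
May 23 19:01:31 box sshd[815]: Failed password for invalid user test from 192.0.2.9 port 6002 ssh2
May 23 19:01:32 box sshd[815]: Failed password for invalid user test from 192.0.2.9 port 6003 ssh2
May 23 19:02:00 box sshd[820]: Failed password for alice from 198.51.100.7 port 5000 ssh2
May 23 19:03:00 box sshd[822]: Accepted publickey for alice from 198.51.100.7 port 5001 ssh2'

# Addresses that must never be blackholed (assumed value: the admin host), so a
# mistyped password from there cannot lock you out.  Space-separated.
ALLOW="198.51.100.7"

# blackhole_candidates THRESHOLD
#   stdin:  sshd log lines
#   stdout: one IP per line, sorted, for every source with at least THRESHOLD
#           "Failed password" or "Invalid user" events, minus ALLOW entries.
blackhole_candidates() {
    awk -v thr="$1" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /sshd\[[0-9]+\]: (Failed password|Invalid user)/ {
            # The source address is the token following "from".
            for (i = 1; i < NF; i++) if ($i == "from") { fail[$(i + 1)]++; break }
        }
        END { for (ip in fail) if (fail[ip] >= thr && !(ip in skip)) print ip }
    ' | sort
}

# route_cmds THRESHOLD
#   Prints one route(8) invocation per candidate.  On FreeBSD a host route
#   carrying the -blackhole flag silently discards packets for that
#   destination, which is the blackholing the thread is about.
route_cmds() {
    blackhole_candidates "$1" | while read -r ip; do
        printf 'route add -host %s 127.0.0.1 -blackhole\n' "$ip"
    done
}

# Demo on the constructed log with a threshold of three failures.
printf '%s\n' "$SAMPLE_LOG" | route_cmds 3
```

Review the printed list before piping it to sh as root. The script counts whatever it is fed, so running it repeatedly over the same unrotated log re-emits addresses that are already blackholed; feeding it only the lines logged since the last run (or filtering out routes already present in netstat -rn) avoids the cleanup step the post mentions.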

