securing SSH, FBSD systems
Francisco Reyes
lists at natserv.com
Mon May 23 19:30:14 PDT 2005
On Mon, 23 May 2005, Tony Shadwick wrote:
> Is there an effective way to manage that list? I mean, it seems to me that
> you'd be adding mass routes to /etc/rc.conf. How are you going about this.
See
http://public.natserv.net/blackholing.tar.bz2
I put a shell script, an awk file and a mini readme.
> Otherwise, it sounds like very good advice.
It is not without its problems...
In particular one needs to clean the sshd.log file every time one runs the
program. I may improve it later.
> Of course, I tend to manage a
> hardware firewall in front of any of my machines, so the blackholing should
> really occur there.
That would be one possible place.
> I wonder if that technique works under Linux as well?
Don't know. If you have access to a Linux box you could man route and see.
It possibly could exist there too.
> manage reading my firewall rules. ;)
I found it got too messy to read firewall rules when I had blackholing
there too. Also the feedback I got was that firewall rule was a flat list,
while the route system used some type of tree.
In all honesty my machine has so little traffic that I doubt either way
would be much of an issue. I just found it simpler to manage having the
blackholing outside the firewall rules. That way the firewall rules are
"generic" to ports and few IPs.
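An added example of the approach discussed in this thread (written for this page, not the script from the tarball linked above): a small sh script that counts failed sshd logins per source address and blackholes repeat offenders with a host route. It assumes the FreeBSD route(8) syntax `route add -host IP 127.0.0.1 -blackhole`, syslog-style sshd lines, and a state file (hypothetical path) that records addresses already blackholed, so the log does not have to be truncated between runs. The log lines are constructed sample data.

```shell
#!/bin/sh
# Added example, not the script from the original post's tarball.
# Assumes: FreeBSD "route add -host <ip> 127.0.0.1 -blackhole", a syslog-style
# sshd log, and a state file remembering IPs already blackholed (hypothetical path).

THRESHOLD=${THRESHOLD:-5}                               # failed logins before blackholing
STATE_FILE=${STATE_FILE:-${TMPDIR:-/tmp}/blackholed.txt} # hypothetical state file path
DRY_RUN=${DRY_RUN:-1}                                   # 1 = print the route command only

# Print "count ip" for every source with at least THRESHOLD failures in the log $1.
# Matches "Failed password for ..." and "Invalid/Illegal user ..." sshd lines.
offenders() {
    awk -v min="$THRESHOLD" '
        /sshd\[[0-9]+\]:/ && (/Failed password for/ || /[Ii](nvalid|llegal) user/) {
            for (i = 1; i <= NF; i++)
                if ($i == "from" && $(i+1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    n[$(i+1)]++; break
                }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "$1" | sort -k2
}

# Blackhole one IP unless the state file already lists it (idempotent across runs).
# Returns 1 if the IP was already handled, 2 if the route command failed.
blackhole() {
    ip=$1
    touch "$STATE_FILE"
    if grep -qx "$ip" "$STATE_FILE"; then
        return 1
    fi
    if [ "$DRY_RUN" = 1 ]; then
        echo "route add -host $ip 127.0.0.1 -blackhole"
    else
        route add -host "$ip" 127.0.0.1 -blackhole || return 2
    fi
    echo "$ip" >> "$STATE_FILE"
}

# Process log $1: blackhole every offender not yet in the state file.
run() {
    offenders "$1" | while read -r _count ip; do
        blackhole "$ip" || true   # already handled or route failed: move on
    done
}

# Constructed sample log (not from the original post): 6, 5 and 2 failures
# from three addresses, plus a successful login and a non-sshd line.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
May 23 19:01:02 gw sshd[812]: Failed password for illegal user test from 192.0.2.10 port 40010 ssh2
May 23 19:01:05 gw sshd[813]: Failed password for illegal user admin from 192.0.2.10 port 40011 ssh2
May 23 19:01:08 gw sshd[814]: Failed password for root from 192.0.2.10 port 40012 ssh2
May 23 19:01:11 gw sshd[815]: Illegal user oracle from 192.0.2.10
May 23 19:01:14 gw sshd[816]: Failed password for illegal user guest from 192.0.2.10 port 40014 ssh2
May 23 19:01:17 gw sshd[817]: Failed password for illegal user test from 192.0.2.10 port 40015 ssh2
May 23 19:02:01 gw sshd[820]: Failed password for invalid user test from 198.51.100.7 port 50001 ssh2
May 23 19:02:04 gw sshd[821]: Failed password for invalid user admin from 198.51.100.7 port 50002 ssh2
May 23 19:02:07 gw sshd[822]: Failed password for root from 198.51.100.7 port 50003 ssh2
May 23 19:02:10 gw sshd[823]: Invalid user postgres from 198.51.100.7
May 23 19:02:13 gw sshd[824]: Failed password for invalid user guest from 198.51.100.7 port 50005 ssh2
May 23 19:03:01 gw sshd[826]: Failed password for root from 203.0.113.4 port 60001 ssh2
May 23 19:03:04 gw sshd[827]: Failed password for root from 203.0.113.4 port 60002 ssh2
May 23 19:05:00 gw sshd[830]: Accepted publickey for freyes from 203.0.113.9 port 5000 ssh2
May 23 19:05:01 gw cron[900]: (root) CMD (/usr/libexec/atrun)
EOF

# Stand-alone demo: dry run against the sample log with a fresh state file.
( STATE_FILE=$(mktemp); run "$SAMPLE_LOG" )
```

Run it with `DRY_RUN=0` as root on the FreeBSD box to actually install the routes; the state file is what makes repeated runs over a growing log safe, which is the "clean sshd.log every time" caveat mentioned above. On Linux the equivalent route command is `ip route add blackhole <ip>/32`.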