bruteforceblocker + PF
Enrique Ayesta Perojo
eayesta at portugalete.uned.es
Wed Oct 5 03:03:54 PDT 2005
Hello, I'm trying to install the bruteforceblocker script to stop SSH attacks,
but I'm having a problem with PF because it seems not to block the attacker
IP.
The machine is connected to the Internet and has some needed services for the LAN,
so I want to log and block only outside attacks.
The bruteforceblocker script seems to be working, because I can read its
start time in /var/log/auth.log, so I think the problem may be in my
pf configuration.
Any help?
Thanks a lot
####/etc/pf.conf####
table <bruteforce> persist file "/var/log/bruteforce"
# options
set block-policy return
set loginterface $ext_if
# scrub
scrub in all
# filter rules
block all
pass quick on lo0 all
pass in on bge0 from 10.200.62.0/24 to 10.200.62.17
pass out on bge0 from 10.200.62.17 to 10.200.62.0/24
block in log quick inet proto tcp from <bruteforce> to any port ssh
####This is my conf of bruteforceblocker####
my $logfile = '/var/log/auth.log'; # file where this script will log to
my $pfctl = '/sbin/pfctl'; # pfctl binary
my $table = 'bruteforce'; # pf table
my $tablefile = '/var/log/bruteforce'; # file where table persists
my $max_attempts = 3; # number of max allowed fails
my $timeout = 3600; # number of seconds after which the IP's count is reset
my %count = (); # number of failed tries
my %time = (); # last modified time
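As an added example that is not part of the original post or of bruteforceblocker itself, this Python version of the counting logic behind %count, %time, $max_attempts and $timeout can be run over sample auth.log lines to see which sources would reach the block threshold; the `block` callback stands in for the pfctl call, and the sshd log pattern is an assumption.

```python
import re
from collections import defaultdict

# Thresholds mirroring the poster's bruteforceblocker settings.
MAX_ATTEMPTS = 3
TIMEOUT = 3600  # seconds of silence after which a source's count is reset

# sshd failure lines as they appear in auth.log (pattern is an assumption).
FAIL_RE = re.compile(r"sshd\[\d+\]: (?:Failed password|Invalid user).*?from (\d{1,3}(?:\.\d{1,3}){3})")
class BruteForceCounter:
    def __init__(self, block, max_attempts=MAX_ATTEMPTS, timeout=TIMEOUT):
        self.block = block  # real script runs "pfctl -t bruteforce -T add <ip>" here
        self.max_attempts = max_attempts
        self.timeout = timeout
        self.count = defaultdict(int)  # %count: failures per IP
        self.last = {}                 # %time: time of the last failure per IP
        self.blocked = set()

    def feed(self, line, now):
        """Consume one log line at unix time `now`; return the IP if just blocked."""
        m = FAIL_RE.search(line)
        if not m or m.group(1) in self.blocked:
            return None
        ip = m.group(1)
        if now - self.last.get(ip, now) > self.timeout:
            self.count[ip] = 0  # stale history is forgotten ($timeout)
        self.count[ip] += 1
        self.last[ip] = now
        if self.count[ip] < self.max_attempts:
            return None
        self.blocked.add(ip)
        self.block(ip)
        return ip
# Constructed sample lines (not real log data) with explicit timestamps: 192.0.2.10
# fails three times in a row; 198.51.100.7 fails twice, then once more two hours later.
SAMPLE = [
    (0, "sshd[1201]: Failed password for root from 192.0.2.10 port 51234 ssh2"),
    (5, "sshd[1202]: Invalid user admin from 192.0.2.10"),
    (20, "sshd[1203]: Failed password for invalid user admin from 192.0.2.10 port 51240 ssh2"),
    (30, "sshd[1204]: Failed password for bob from 198.51.100.7 port 40000 ssh2"),
    (40, "sshd[1205]: Failed password for bob from 198.51.100.7 port 40001 ssh2"),
    (7300, "sshd[1300]: Failed password for bob from 198.51.100.7 port 40002 ssh2"),
    (7310, "sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40003 ssh2"),
]
def run_sample():
    added = []  # IPs handed to block(); returned together with the final counts
    counter = BruteForceCounter(block=added.append)
    for ts, line in SAMPLE:
        counter.feed(line, now=ts)
    return added, dict(counter.count)
```

On the live box, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it and reports a macro that is referenced but not defined in the file (the posted pf.conf uses `$ext_if` without defining it), and `pfctl -t bruteforce -T show` lists the addresses currently in the table.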