bruteforceblocker + PF

Noel Jones noeldude at gmail.com
Thu Oct 6 12:56:21 PDT 2005


On 10/6/05, Enrique Ayesta Perojo <eayesta at portugalete.uned.es> wrote:
> El Miércoles, 5 de Octubre de 2005 21:53, Noel Jones escribió:
>
> > I'm going to assume this is just a small part of your pf.conf, because
> > the part you show doesn't allow any internet access.  Maybe you should
> > show us your entire pf.conf.
>

This simple pf config should work.

> No, i don't see any of these messages, the only message i see is the start of
> the log:
>
> !!!!!!! log started at Wed Oct  5 18:53:23 2005 !!!!!!!
>

I manually installed bruteforceblocker 1.1 (later noticed it's in
ports/security) and when it starts, it looks like:
------- log started at Wed Oct  5 13:13:01 2005 -------

So it appears that your software is different from mine.

Are you also seeing sshd logging information about failed and accepted
login attempts?

One thing I did notice was that all the lines in the
bruteforceblocker.pl script ended with ^M.  So I used vi to remove
them.  I don't know if that is part of your problem or not, but it's
something you might check.

FWIW, after making the suggested change to my syslog.conf file and
editing the file locations in the bruteforceblocker.pl script, it
worked first try here.  The only other suggestion I have is to check
your /etc/syslog.conf changes.
Find the line that looks like:
auth.info;authpriv.info                                /var/log/auth.log
and change it to:
auth.info;authpriv.info                         | exec
/usr/local/sbin/bruteforceblocker.pl


--
Noel Jones


More information about the freebsd-questions mailing list