Defending against SSH attacks with pf
erik-freebsd at erikosterholm.org
Mon Apr 16 19:13:45 UTC 2007
On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote:
> There was some discussion on this list not too long ago, and someone
> asked if I was willing to make my pf config and the associated scripts
> I wrote for it public. I would have posted on the original thread,
> but I can't find it now.
> Here is the information:
> Bill Moran
I hope you don't mind some suggestions!
Your table names (and anything else enclosed in less-than/greater-than
symbols) got lost, so using the appropriate escape characters in HTML
would be useful.
Also, pf tables can be loaded from files containing a list of IP
addresses or hostnames, one per line. My table line is as follows:
table <sshbf> file "/etc/bruteforce_ssh"
I periodically save blocked hosts to this file using a script to
format and maintain uniqueness. In this way, my blocks persist across
reboots. I'm just as draconian as you are in my blocking policy!
More information about the freebsd-questions