Opening and Closing ports

Karol Kwiatkowski karol.kwiat at gmail.com
Tue Feb 13 15:00:57 UTC 2007


Andy Greenwood wrote:
> On 2/13/07, Zbigniew Szalbot <zbyszek at szalbot.homedns.org> wrote:
>> Hello,
>>
>> Peter N. M. Hansteen wrote:
>> > You can head them off rather easily with a short PF rule set, see
>> > eg http://home.nuug.no/~peter/pf/en/bruteforce.html.
>> >
>> > They can actually be fun to watch :)
>>
>> It was funny for me because I set the max con rule to 10 and then logged
>> in 10 times to see if that would work. Of course that did (silly me!) and
>> as a result I blocked myself the access to the machine. I logged in from
>> another IP and commented out the pf.conf file entries for the bruteforce
>> but wonder how to empty the table (so that it does not contain my ip) and
>> enable the bruteforce defence again.
> 
> man pfctl. Specifically the -T switch.

Also, have a look at security/expiretable. You can automagically remove
entries from tables after specified time. It is mentioned in the article
linked above [1].

HTH,

Karol

[1] http://home.nuug.no/~peter/pf/en/bruteforce.html

-- 
Karol Kwiatkowski   <karol.kwiat at gmail dot com>
OpenPGP 0x06E09309
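As an added example that is not part of the thread (and not Peter Hansteen's article code or the expiretable port's own code): a small POSIX sh helper around the `pfctl -T` subcommands the reply points to, plus the `expiretable` invocation the linked article describes. It assumes the table is named `<bruteforce>` and declared with `persist` in pf.conf (which is exactly why commenting out the overload rule and reloading does not empty it); `PFCTL` and `EXPIRETABLE` are override variables introduced here so the commands can be dry-run with `PFCTL=echo` on a machine without pf.

```shell
#!/bin/sh
# Added example (not from the thread): recover from a self-inflicted block in
# a PF overload table without disabling the bruteforce defence.
# Assumptions: pf.conf contains "table <bruteforce> persist" and an overload
# rule feeding it; PFCTL/EXPIRETABLE are hypothetical override variables so the
# functions can be exercised with PFCTL=echo where pf is not available.

PFCTL="${PFCTL:-pfctl}"
EXPIRETABLE="${EXPIRETABLE:-expiretable}"
TABLE="${TABLE:-bruteforce}"

# List every address currently held in the table.
pf_table_show() {
    "$PFCTL" -t "$1" -T show
}

# Exit 0 if the address matches an entry in the table, non-zero otherwise
# (pfctl -T test reports how many of the given addresses match).
pf_table_has() {
    "$PFCTL" -t "$1" -T test "$2" >/dev/null 2>&1
}

# Remove a single address: the targeted fix when you locked out your own IP.
pf_table_del() {
    "$PFCTL" -t "$1" -T delete "$2"
}

# Empty the whole table. Every host it blocked is let back in, so prefer
# pf_table_del unless the table really is all noise.
pf_table_flush() {
    "$PFCTL" -t "$1" -T flush
}

# Hand ageing over to security/expiretable: drop entries older than $2
# (e.g. 24h), verbose, running as a daemon. Same invocation the linked
# article uses.
pf_table_expire() {
    "$EXPIRETABLE" -v -d -t "$2" "$1"
}

# Recovery sequence for the situation in the thread: your own address was
# added to the table. Remove only that address and confirm it is gone; the
# rules in pf.conf can stay exactly as they were.
pf_unblock_self() {
    addr="$1"
    pf_table_del "$TABLE" "$addr" || return 1
    if pf_table_has "$TABLE" "$addr"; then
        echo "still listed in <$TABLE>: $addr" >&2
        return 1
    fi
    echo "removed $addr from <$TABLE>"
}

# Usage: sh pf-unblock.sh <your-ip>   (runs nothing when called with no args)
if [ $# -gt 0 ]; then
    pf_unblock_self "$1"
fi
```

Because the table is `persist`, entries survive `pfctl -f /etc/pf.conf`; only `-T delete` / `-T flush` (or expiretable's ageing) actually removes them, so there is no need to touch the rule set at all. Check with `pf_table_show bruteforce` first so you delete the address you meant to.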
