prompt solution with max-src-conn-rate

Lyndon Nerenberg lyndon at orthanc.ca
Tue May 16 01:54:48 UTC 2006


On May 15, 2006, at 6:29 PM, Scott Ullrich wrote:

>> You have to be aware that this otoh might open you to DoS attacks.
>> People spoofing connections from your address will lock you out from
>> your own server.
>
> An alternative is available for PF that monitors the ssh syslog.
>
> Take a look at:
> http://pfsense.com/cgi-bin/cvsweb.cgi/tools/pfPorts/sshlockout_pf/files/sshlockout_pf.c?rev=1.1

/usr/ports/security/bruteforceblocker also filters based on syslog
data; it lets you configure IP addresses that will never be blocked,
so you can prevent this sort of DoS attack.

--lyndon
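The lock-out the thread is worried about can also be avoided inside pf.conf itself, without a syslog watcher. The following rule set is an added illustration, not from this thread or from the bruteforceblocker port; the interface name, the 192.0.2.0/24 addresses and the table names are constructed placeholders. A pass rule for trusted sources is evaluated before the rate-limited rule, so SYNs spoofed from those addresses never reach the overload clause and can never land in the block table.

```pf
# Added example (not part of the original thread). Addresses and
# interface name below are constructed placeholders.
ext_if = "em0"

# Hosts found hammering sshd are collected here by the overload clause.
table <bruteforce> persist

# Management hosts that must never be locked out, even if someone
# spoofs SYNs from them. Keep this list short and static.
table <trusted> persist { 192.0.2.10, 192.0.2.11 }

# Drop anything already in the bruteforce table first.
block in quick on $ext_if from <bruteforce>

# Trusted hosts get a plain stateful pass with NO rate limit. Because
# this rule is 'quick' and precedes the limited rule, nothing sourced
# from <trusted> (real or spoofed) is ever counted against the limit.
pass in quick on $ext_if proto tcp from <trusted> to ($ext_if) port ssh \
    flags S/SA keep state

# Everyone else: at most 10 concurrent states, at most 5 new states per
# 30 seconds; exceeding either adds the source to <bruteforce> and
# 'flush global' tears down all of that source's existing states.
pass in on $ext_if proto tcp to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

Inspect or age out the table with `pfctl -t bruteforce -T show` and `pfctl -t bruteforce -T expire 86400` (seconds); an entry for one of your own addresses in that table is the symptom the thread describes, and with the trusted rule in place it should never appear.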


More information about the freebsd-pf mailing list