something like bruteblock for pf?
Daniel Gerzo
danger at FreeBSD.org
Tue Aug 25 01:52:10 UTC 2009
Balázs Mátéffy wrote:
> Hi guys,
>
> I'm using bruteforceblocker at the moment on my systems, thanks for this
> great utility Daniel!
>
> Can you tweak it to be able to get the ips from proftpd or any other log, or
> its working out of the box, you just have to set it up in syslog.conf(didn't
> see that feature in the doc.)?
>
> Or for these things sshguard is more appropiate?
Check the /usr/local/sbin/bruteforceblocker file and edit the line which
looks like the following:
if (/.*Failed password.*from
($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i || ...
You just need to add any regular expression that meets your requirements
and set the syslog up so that the logs are directed to bruteforceblocker
as well.
--
S pozdravom / Best regards
Daniel Gerzo, FreeBSD committer
More information about the freebsd-pf
mailing list