Banning ips for some time?

Anthony Atkielski atkielski.anthony at
Tue Jan 25 01:24:44 PST 2005

Christian Tischler writes:

CT> Hi,
CT> as I have an DSL line witch is 24/7 online (coming from an big and 
CT> popular provider)  my servers sshd reports 30 to 50 failed 
CT> root/operator/etc. logins a day. I would like to block the incoming ip
CT> for a few days automaticly after e.g failed login requests.
CT> Currently I am using ipf, but it would be no problem to use any other
CT> FreeBSD firewall.
CT> This is not only for security reasons, but also to shorten the daily
CT> security run output :-)

Do you have a need to access your server from the outside Net?  If not,
you can just block the SSH port entirely at the firewall (which is what
I do).

Almost doesn't count in securityland, so as long as the logins are
failing, they're not a security risk, just a nuisance.


More information about the freebsd-questions mailing list