Banning ips for some time?
atkielski.anthony at wanadoo.fr
Tue Jan 25 01:24:44 PST 2005
Christian Tischler writes:
CT> as I have an DSL line witch is 24/7 online (coming from an big and
CT> popular provider) my servers sshd reports 30 to 50 failed
CT> root/operator/etc. logins a day. I would like to block the incoming ip
CT> for a few days automaticly after e.g failed login requests.
CT> Currently I am using ipf, but it would be no problem to use any other
CT> FreeBSD firewall.
CT> This is not only for security reasons, but also to shorten the daily
CT> security run output :-)
Do you have a need to access your server from the outside Net? If not,
you can just block the SSH port entirely at the firewall (which is what
Almost doesn't count in securityland, so as long as the logins are
failing, they're not a security risk, just a nuisance.
More information about the freebsd-questions