Banning ips for some time?
mail at myunix.net
Tue Jan 25 01:30:49 PST 2005
Anthony Atkielski wrote:
>Christian Tischler writes:
>CT> as I have an DSL line witch is 24/7 online (coming from an big and
>CT> popular provider) my servers sshd reports 30 to 50 failed
>CT> root/operator/etc. logins a day. I would like to block the incoming ip
>CT> for a few days automaticly after e.g failed login requests.
>CT> Currently I am using ipf, but it would be no problem to use any other
>CT> FreeBSD firewall.
>CT> This is not only for security reasons, but also to shorten the daily
>CT> security run output :-)
>Do you have a need to access your server from the outside Net? If not,
>you can just block the SSH port entirely at the firewall (which is what
>Almost doesn't count in securityland, so as long as the logins are
>failing, they're not a security risk, just a nuisance.
I do need the ssh access.
More information about the freebsd-questions