Banning ips for some time?

Christian Tischler mail at
Tue Jan 25 01:30:49 PST 2005

Anthony Atkielski wrote:

>Christian Tischler writes:
>CT> Hi,
>CT> as I have an DSL line witch is 24/7 online (coming from an big and 
>CT> popular provider)  my servers sshd reports 30 to 50 failed 
>CT> root/operator/etc. logins a day. I would like to block the incoming ip
>CT> for a few days automaticly after e.g failed login requests.
>CT> Currently I am using ipf, but it would be no problem to use any other
>CT> FreeBSD firewall.
>CT> This is not only for security reasons, but also to shorten the daily
>CT> security run output :-)
>Do you have a need to access your server from the outside Net?  If not,
>you can just block the SSH port entirely at the firewall (which is what
>I do).
>Almost doesn't count in securityland, so as long as the logins are
>failing, they're not a security risk, just a nuisance.
I do need the ssh access.


More information about the freebsd-questions mailing list