IP Banning (Using IPFW)

Michael A. Alestock michaela at maa-net.net
Sun Feb 5 07:41:52 PST 2006


I was wondering if there's some sort of port available that can actively 
ban IPs that try and bruteforce a service such as SSH or Telnet, by 
scanning the /var/log/auth.log log for Regex such as "Illegal User" or 
"LOGIN FAILURES", and then using IPFW to essentially deny (ban) that IP 
for a certain period of time or possibly forever.

I've seen a very useful one that works for linux (fail2ban), and was 
wondering if one exists for FreeBSD's IPFW?

I've looked around in /usr/ports/security and /usr/ports/net but can't 
seem to find anything that closely resembles that.

Your help would be greatly appreciated.... Thanks in advance!

>> Michael A., USA... Loyal FreeBSD user since 2000.

More information about the freebsd-questions mailing list