auth.log & intruder prevention

Ilias Sachpazidis isachpaz at
Tue Jan 24 14:40:22 PST 2006

We are talking about a few users and nobody has a permanent IP. 


-----Original Message-----
From: Dan O'Connor [mailto:dan at] 
Sent: Dienstag, 24. Januar 2006 22:29
To: Ilias.Sachpazidis at
Subject: Re: auth.log & intruder prevention

> I am wondering if any script is available to prevent hundreds of 
> attempts on
> port 22 from external IPs that constantly checking user & passwords on 
> my
> FreeBSD PCs.

I can't help you with a greylist solution, but how many users do you 
have that ssh in from the outside?

If you don't have too many, and they come from stable IP addresses, you 
could always set up firewall rules to allow specific connections and 
block other attempts to connect to port 22:

    # My Trusted SSH Sites
    . . .

    # SSH Login - Allow only trusted incoming on outside interface
    ${fwcmd} add pass log tcp from ${dan} to any 22 in via ${oif} setup
    ${fwcmd} add pass log tcp from ${jim} to any 22 in via ${oif} setup
    . . .
    ${fwcmd} add deny log tcp from any to any 22 in via ${oif} setup


FreeBSD Cheat Sheets 

More information about the freebsd-questions mailing list