Defending against SSH attacks with pf

Erik Osterholm erik-freebsd at
Mon Apr 16 19:13:45 UTC 2007

On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote:
> There was some discussion on this list not too long ago, and someone
> asked if I was willing to make my pf config and the associated scripts
> I wrote for it public.  I would have posted on the original thread,
> but I can't find it now.
> Here is the information:
> --
> Bill Moran

Hi Bill,

I hope you don't mind some suggestions!

Your table names (and anything else enclosed in less-than/greater-than
symbols) got lost, so using the appropriate escape characters in HTML
would be useful.

Also, pf tables can be loaded from files containing a list of IP
addresses or hostnames, one per line.  My table line is as follows:

table <sshbf> file "/etc/bruteforce_ssh"

I periodically save blocked hosts to this file using a script to
format and maintain uniqueness.  In this way, my blocks persist across
reboots.  I'm just as draconian as you are in my blocking policy!
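
An added example, not part of the original message and not the poster's own script: one way to do the periodic save described above, folding the live `sshbf` table into `/etc/bruteforce_ssh` with duplicates removed. Only the table name and file path come from the message; the function names and the `save` argument are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script). Table name and file path come from
# the table line in the message; function names and "save" are assumptions.
TABLE="sshbf"
FILE="/etc/bruteforce_ssh"

# Read address lists on stdin and emit one clean entry per line:
# drop comments, surrounding whitespace and blank lines, then de-duplicate.
# `pfctl -T show` indents each address, so the trimming is required.
normalize_entries() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -v '^$' | LC_ALL=C sort -u
}

# Merge entries from stdin with the current contents of the file named in $1.
# The result is written to a temp file in the same directory and renamed into
# place, so pf never loads a half-written list at boot or reload.
merge_into_file() {
    target=$1
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    {
        cat
        if [ -f "$target" ]; then cat "$target"; fi
    } | normalize_entries > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$target"
}

# Dump the live table and fold it into the persistent file.
save_table() {
    pfctl -t "$TABLE" -T show | merge_into_file "$FILE"
}

# Run from cron as: <script> save
if [ "${1:-}" = "save" ]; then
    save_table
fi
```

Entries already in the file are kept even after they leave the live table, which is what makes the blocks survive a reboot.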

