Auto blacklist ssh connections ...
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Sep 18 06:52:30 UTC 2008
Nathan Lay wrote:
> I employed this solution:
> http://johan.fredin.info/openbsd/block_ssh_bruteforce.html
>
> You have to enable pf, but man it works and it works well!
Agreed. I use a slight modification of this configuration on
a number of firewalls. As specified in the page referenced above,
the rule set causes /any/ too-rapid spate of SSH connections to
get you locked out, and that includes legitimate users too. Simple
modification is to add a whitelist table for addresses that you never
want to lock out:
table <static-whitelist> const { \
12.34.56.78 \
... \
} persist
table <ssh-bruteforce> persist
[...]
block drop in log quick on $ext_if from <ssh-bruteforce>
[...]
pass in on $ext_if proto tcp \
from !<static-whitelist> to $ext_if port ssh \
flags S/SA keep state \
(max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
pass in on $ext_if proto tcp \
from <static-whitelist> to $ext_if port ssh \
flags S/SA keep state
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080918/7d67f21a/signature.pgp
More information about the freebsd-questions
mailing list