Thousands of ssh probes

Erik Norgaard norgaard at
Mon Mar 8 22:11:48 UTC 2010

On 08/03/10 18:56, Jason Garrett wrote:

>> Much better, restrict the client access to certain ranges of IPs. The
>> different registries publish ip ranges assigned per country and you can
>> create a list blocking countries you are certain not to visit, you can use
>> my script:
> Great script! Just one question. Where do you put the list of denied ip
> ranges?

The output is written to be used with packet filter, if you use some 
other firewall you may need edit the script. If you use packet filter, 
then you can dump the list into a file and create tables like this:

   table <blacklist> persist file "/etc/blacklist"
   block in quick from <blacklist>

I use blacklisting for mail while I use whitelisting for ssh.

You should know the limits of the script, the problem is that some 
ranges have been assigned directly by IANA, particularly for US. These 
are not included. The list is limited as these are all /8 chunks, you 
can find it here:

These ranges are managed by private organisations and assigned as they 
see fit.

There is another thing I'd like to filter by: I'd like to eliminate 
dynamic ranges, particularly for mail. It's been recommended that 
reverse lookup resolves to something like or, but there is no registry where you can simply look 
it up.

BR, Erik
Erik Nørgaard
Ph: +34.666334818/+34.915211157        

More information about the freebsd-questions mailing list