Thousands of ssh probes

Jason Garrett kingedgar at
Mon Mar 8 22:21:49 UTC 2010

On Mon, Mar 8, 2010 at 16:11, Erik Norgaard <norgaard at> wrote:

> On 08/03/10 18:56, Jason Garrett wrote:
>  Much better, restrict the client access to certain ranges of IPs. The
>>> different registries publish ip ranges assigned per country and you can
>>> create a list blocking countries you are certain not to visit, you can
>>> use
>>> my script:
>>>  Great script! Just one question. Where do you put the list of denied ip
>> ranges?
> The output is written to be used with packet filter, if you use some other
> firewall you may need edit the script. If you use packet filter, then you
> can dump the list into a file and create tables like this:
>  table <blacklist> persist file "/etc/blacklist"
>  block in quick from <blacklist>
> I use blacklisting for mail while I use whitelisting for ssh.
> You should know the limits of the script, the problem is that some ranges
> have been assigned directly by IANA, particularly for US. These are not
> included. The list is limited as these are all /8 chunks, you can find it
> here:
> These ranges are managed by private organisations and assigned as they see
> fit.
> There is another thing I'd like to filter by: I'd like to eliminate dynamic
> ranges, particularly for mail. It's been recommended that reverse lookup
> resolves to something like or, but
> there is no registry where you can simply look it up.
Thanks! I'm not sure what ranges the OP is looking for, but I only want to
allow from US ip's for now, since I never travel outside the country.

> BR, Erik
> --
> Erik Nørgaard
> Ph: +34.666334818/+34.915211157        
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list