denyhosts/pfctl to block repeated logins?

Michael B. Eichorn ike at michaeleichorn.com
Sat Jun 20 12:31:51 UTC 2015


On Sat, 2015-06-20 at 21:55 +1000, andrew clarke wrote:
> On Sat 2015-06-20 07:34:50 UTC-0400, John Holland (jholland at vin-dit.org) wrote:
> 
> > What is the best tool to use to block repeated login attempts from
> > unauthorized hosts?  And for denyhosts, how do you unblock someone who
> > is legitimate?
> 
> "Best tool" is difficult to answer since it depends on your exact
> requirements.
> 
> Also once an admin finds an IP blocker that works for them, they may
> tend to stick with it rather than try all the alternatives.
> 
> For blocking unsuccessful ssh logins, sshguard-ipfw works for me.
> 
> http://www.sshguard.net/docs/faqs/
> 

I will second sshguard as an excellent automated blocker. But since the
OP mentions pfctl in the subject line, they probably want sshguard-pf.
There is also a no-firewall version for running in jails.

I prefer sshguard as it is a daemon-like C program whereas denyhosts is a
Python script. So I get a few fewer dependencies and a bit more speed.

SSHguard can handle more than just ssh logins; it covers sendmail, dovecot,
and other servers as well.

Unblocking, no matter what you are using, best consists of 2 steps:
 1) Remove the blocked address from the firewall table, hosts.deny, etc.
 2) If possible whitelist the hostname(s)/address(es)/subnet(s)
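
The two unblocking steps above for an sshguard-pf setup, as an added example that is not part of the original message. It assumes the pf table is named `sshguard` and the whitelist file is `/usr/local/etc/sshguard.whitelist`; both values and all function names are assumptions to adjust for your system.

```sh
#!/bin/sh
# Added example: unblock an address from a pf table, then whitelist it.
# Assumed defaults (override via environment): table name and whitelist path.
PFCTL="${PFCTL:-pfctl}"
TABLE="${TABLE:-sshguard}"
WHITELIST="${WHITELIST:-/usr/local/etc/sshguard.whitelist}"

# Loose syntactic check: only address/CIDR characters, no leading dash,
# so the argument cannot be read as a pfctl option or carry metacharacters.
valid_addr() {
    case "$1" in
        ''|-*|*[!0-9A-Fa-f.:/]*) return 1 ;;
        *[.:]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1: remove the address from the firewall table if it is present.
remove_block() {
    if $PFCTL -t "$TABLE" -T test "$1" >/dev/null 2>&1; then
        $PFCTL -t "$TABLE" -T delete "$1" >/dev/null 2>&1 || return 1
        echo "removed $1 from <$TABLE>"
    else
        echo "$1 not in <$TABLE>"
    fi
}

# Step 2: whitelist the address without duplicating an existing entry.
add_whitelist() {
    touch "$WHITELIST" || return 1
    if grep -qxF -- "$1" "$WHITELIST"; then
        echo "$1 already whitelisted"
    else
        printf '%s\n' "$1" >> "$WHITELIST" && echo "whitelisted $1"
    fi
}

unblock_host() {
    valid_addr "$1" || { echo "invalid address: $1" >&2; return 2; }
    remove_block "$1" && add_whitelist "$1"
}

# Runs only when an address is given: ./unblock.sh 192.0.2.10
if [ $# -gt 0 ]; then unblock_host "$1"; fi
```

sshguard loads its whitelist at startup, so restart the service after the file changes.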