Date: Wed, 5 Oct 2005 12:04:54 +0200
From: Enrique Ayesta Perojo <eayesta@portugalete.uned.es>
To: freebsd-questions@freebsd.org
Subject: bruteforceblocker + PF
Message-ID: <200510051204.54331.eayesta@portugalete.uned.es>

Hello,

I'm trying to install the bruteforceblocker script to stop ssh attacks, but I'm having a problem with PF because it seems not to block the attacker IP. The machine is connected to the Internet and has some needed services for the LAN, so I want to log and block only outside attacks.

The bruteforceblocker script seems to be working, because I can read the initial time of it at /var/log/auth.log, so I think the problem may be in my pf configuration.

Any help? Thanks a lot.

####/etc/pf.conf####
table <bruteforce> persist file "/var/log/bruteforce"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# filter rules
block all
pass quick on lo0 all
pass in on bge0 from 10.200.62.0/24 to 10.200.62.17
pass out on bge0 from 10.200.62.17 to 10.200.62.0/24
block in log quick inet proto tcp from <bruteforce> to any port ssh

####This is my conf of bruteforceblocker####
my $logfile = '/var/log/auth.log'; # file where this script will log to
my $pfctl = '/sbin/pfctl'; # pfctl binary
my $table = 'bruteforce'; # pf table
my $tablefile = '/var/log/bruteforce'; # file where table persist
my $max_attempts = 3; # number of max allowed fails
my $timeout = 3600; # number of seconds after resetting of ip
my %count = (); # number of failed tries
my %time = (); # last modified time
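
Added example, not part of the original message: a small Python model of how PF evaluates the five filter rules posted above (last matching rule wins, "quick" ends evaluation), to show what verdict each kind of source address gets for inbound SSH. The table contents, the sample addresses and the helper names are constructed assumptions; state tracking, scrub, logging and the "set" options are not modeled.

```python
from ipaddress import ip_address, ip_network

# Constructed table contents (assumption): one LAN host, one outside host.
BRUTEFORCE = {ip_address("10.200.62.50"), ip_address("203.0.113.9")}

def net(cidr):
    """Matcher for 'from/to <network>'."""
    network = ip_network(cidr)
    return lambda addr: ip_address(addr) in network

def table(addr):
    """Matcher for 'from <bruteforce>'."""
    return ip_address(addr) in BRUTEFORCE

def anyaddr(addr):
    """Matcher for 'all' / 'any'."""
    return True

# Filter rules from the posted pf.conf, in order.
# Fields: action, quick, direction, interface, proto, src, dst, dport (None = any).
RULES = [
    ("block", False, None, None, None, anyaddr, anyaddr, None),
    ("pass", True, None, "lo0", None, anyaddr, anyaddr, None),
    ("pass", False, "in", "bge0", None, net("10.200.62.0/24"), net("10.200.62.17/32"), None),
    ("pass", False, "out", "bge0", None, net("10.200.62.17/32"), net("10.200.62.0/24"), None),
    ("block", True, "in", None, "tcp", table, anyaddr, 22),
]

def evaluate(direction, iface, proto, src, dst, dport):
    """PF semantics: the last matching rule decides, unless a matching
    rule is 'quick', which ends evaluation immediately."""
    verdict = "pass"  # PF's implicit default when nothing matches
    for action, quick, r_dir, r_if, r_proto, r_src, r_dst, r_port in RULES:
        if r_dir is not None and r_dir != direction:
            continue
        if r_if is not None and r_if != iface:
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != dport:
            continue
        if not (r_src(src) and r_dst(dst)):
            continue
        verdict = action
        if quick:
            break
    return verdict

def ssh_in(src):
    """Inbound SSH attempt to 10.200.62.17 arriving on bge0 (assumed interface)."""
    return evaluate("in", "bge0", "tcp", src, "10.200.62.17", 22)
```

In this model ssh_in() returns "block" for both table members and also for an outside address that is not in the table, because only the LAN pass rule can override "block all"; a LAN address that is not in the table gets "pass".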