Date: Sat, 20 Mar 2010 22:59:40 +0000 (GMT) From: Jamie Griffin <Jamie@fantomatic.co.uk> To: freebsd-questions@freebsd.org Subject: Re: bruteforce protection howto Message-ID: <201003202259.o2KMxeXo002295@fix.fantomatic.co.uk> In-Reply-To: <1269123444.32263.53.camel@ubuntu>
next in thread | previous in thread | raw e-mail | index | archive | help
> Two pc's: > 1 - router > 2 - logger > Situation: someone tries to bruteforce into a server, and the logger > get's a log about it [e.g.: ssh login failed]. > What's the best method to ban that ip [what is bruteforcig a server] > what was logged on the logger? > I need to ban the ip on the router pc. > > How can i send the bad ip to the router, to ban it? I was asking about this earlier, I went with pf which is already in the base system and also making sshd more secure by using the options in /etc/ssh/sshd_config. Have a look at `man 5 sshd_config` and there is loads of stuff on goodgle about this. So far, I really like what pf can do, check it out. `man pf.conf` and again there are lots of old posts on google, and the OpenBSD pf guide is good too: https://calomel.org/pf_config.html http://www.freebsd.org/doc/handbook/firewalls-pf.html http://www.openbsd.org/faq/pf/ Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003202259.o2KMxeXo002295>