Date: Sat, 20 Mar 2010 22:59:40 +0000 (GMT) From: Jamie Griffin <Jamie@fantomatic.co.uk> To: freebsd-questions@freebsd.org Subject: Re: bruteforce protection howto Message-ID: <201003202259.o2KMxeXo002295@fix.fantomatic.co.uk> In-Reply-To: <1269123444.32263.53.camel@ubuntu>
next in thread | previous in thread | raw e-mail | index | archive | help
> Two pc's:
> 1 - router
> 2 - logger
> Situation: someone tries to bruteforce into a server, and the logger
> get's a log about it [e.g.: ssh login failed].
> What's the best method to ban that ip [what is bruteforcig a server]
> what was logged on the logger?
> I need to ban the ip on the router pc.
>
> How can i send the bad ip to the router, to ban it?
I was asking about this earlier, I went with pf which is already in the base system and also making sshd more secure by using the options in /etc/ssh/sshd_config.
Have a look at `man 5 sshd_config` and there is loads of stuff on goodgle about this. So far, I really like what pf can do, check it out. `man pf.conf` and again there are lots of old posts on google, and the OpenBSD pf guide is good too:
https://calomel.org/pf_config.html
http://www.freebsd.org/doc/handbook/firewalls-pf.html
http://www.openbsd.org/faq/pf/
Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003202259.o2KMxeXo002295>