From: Jamie Griffin
To: freebsd-questions@freebsd.org
Date: Sat, 20 Mar 2010 22:59:40 +0000 (GMT)
Subject: Re: bruteforce protection howto

> Two PCs:
> 1 - router
> 2 - logger
> Situation: someone tries to bruteforce into a server, and the logger
> gets a log about it [e.g.: ssh login failed].
> What's the best method to ban that IP [that is bruteforcing a server]
> that was logged on the logger?
> I need to ban the IP on the router PC.
>
> How can I send the bad IP to the router, to ban it?

I was asking about this earlier. I went with pf, which is already in the base system, and also made sshd more secure by using the options in /etc/ssh/sshd_config. Have a look at `man 5 sshd_config`; there is loads of stuff on Google about this.

So far, I really like what pf can do, check it out: `man pf.conf`. Again, there are lots of old posts on Google, and the OpenBSD pf guide is good too:

https://calomel.org/pf_config.html
http://www.freebsd.org/doc/handbook/firewalls-pf.html
http://www.openbsd.org/faq/pf/

Jamie
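
One way to do what the question asks with pf, as an added example that is not part of the original message: count failed sshd logins per source address on the logger and print the `pfctl` commands that would add the offenders to a table on the router. The log lines are constructed, and the table name `bruteforce`, the threshold and the function names are assumptions.

```shell
#!/bin/sh
# Added example; table name, threshold and function names are assumptions.
THRESHOLD=3   # failed logins from one address before it is listed

# Constructed sample of sshd auth log lines as the logger might collect them.
sample_log() {
cat <<'EOF'
Mar 20 22:10:01 srv sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 20 22:10:03 srv sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar 20 22:10:05 srv sshd[1207]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar 20 22:11:40 srv sshd[1300]: Failed password for jg from 198.51.100.23 port 51514 ssh2
Mar 20 22:11:52 srv sshd[1300]: Accepted password for jg from 198.51.100.23 port 51514 ssh2
Mar 20 22:12:09 srv sshd[1412]: Failed password for invalid user test from 192.0.2.99 port 33300 ssh2
Mar 20 22:12:11 srv sshd[1414]: Failed password for invalid user from 10.0.0.1 from 192.0.2.99 port 33301 ssh2
EOF
}

# The user name is client-supplied, so the address is taken by position from
# the end of the line ("from ADDR port N ssh2") and must look like an address.
offenders() {
    awk -v limit="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9a-fA-F:.]+$/ {
            count[$(NF-3)]++
        }
        END { for (ip in count) if (count[ip] >= limit) print ip }
    ' | sort
}

# Print the commands to run on the router. They assume pf.conf there declares
# "table <bruteforce> persist" and blocks traffic from that table.
ban_commands() {
    offenders | while read -r ip; do
        printf 'pfctl -t bruteforce -T add %s\n' "$ip"
    done
}

sample_log | ban_commands
```

The last sample line carries a user name containing `from 10.0.0.1`; parsing from the end of the line keeps that address out of the table. How the commands reach the router is left to the site.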