From owner-freebsd-questions@FreeBSD.ORG  Sun Feb  5 15:41:52 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9D0F616A420
	for <questions@freebsd.org>; Sun,  5 Feb 2006 15:41:52 +0000 (GMT)
	(envelope-from michaela@maa-net.net)
Received: from webmail.maa-net.net (c-24-131-131-217.hsd1.ma.comcast.net
	[24.131.131.217])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5F73C43D48
	for <questions@freebsd.org>; Sun,  5 Feb 2006 15:41:50 +0000 (GMT)
	(envelope-from michaela@maa-net.net)
Received: from bsd.maa-net.net (michaela@bsd.maa-net.net [192.168.0.4])
	by webmail.maa-net.net (8.12.11/8.12.11) with ESMTP id k15FfnXs020044
	for <questions@freebsd.org>; Sun, 5 Feb 2006 10:41:49 -0500 (EST)
	(envelope-from michaela@maa-net.net)
Date: Sun, 5 Feb 2006 10:41:49 -0500 (EST)
From: "Michael A. Alestock" <michaela@maa-net.net>
To: questions@freebsd.org
Message-ID: <20060205103027.D7469@bsd.maa-net.net>
X-Priority: 1
X-MSMAIL-Priority: high
X-message-flag: "MS-Outlook: A program to spread virii, but can do mail too."
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Mailman-Approved-At: Sun, 05 Feb 2006 17:09:30 +0000
Cc: 
Subject: IP Banning (Using IPFW)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Feb 2006 15:41:52 -0000

Hello,

I was wondering if there's some sort of port available that can actively 
ban IPs that try and bruteforce a service such as SSH or Telnet, by 
scanning the /var/log/auth.log log for Regex such as "Illegal User" or 
"LOGIN FAILURES", and then using IPFW to essentially deny (ban) that IP 
for a certain period of time or possibly forever.

I've seen a very useful one that works for linux (fail2ban), and was 
wondering if one exists for FreeBSD's IPFW?

I've looked around in /usr/ports/security and /usr/ports/net but can't 
seem to find anything that closely resembles that.

Your help would be greatly appreciated.... Thanks in advance!

>> Michael A., USA... Loyal FreeBSD user since 2000.