From owner-freebsd-questions@FreeBSD.ORG  Tue Jan 25 09:30:49 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1E9AC16A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 25 Jan 2005 09:30:49 +0000 (GMT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.187])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CA93C43D41
	for <freebsd-questions@freebsd.org>;
	Tue, 25 Jan 2005 09:30:48 +0000 (GMT)	(envelope-from mail@myunix.net)
Received: from [212.227.126.208] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1CtN27-0006ka-00
	for freebsd-questions@freebsd.org; Tue, 25 Jan 2005 10:30:47 +0100
Received: from [217.228.224.217] (helo=[192.168.123.5])
	by mrelayng.kundenserver.de with asmtp (Exim 3.35 #1)
	id 1CtN27-0004R0-00
	for freebsd-questions@freebsd.org; Tue, 25 Jan 2005 10:30:47 +0100
Message-ID: <41F611C8.4070104@myunix.net>
Date: Tue, 25 Jan 2005 10:30:48 +0100
From: Christian Tischler <mail@myunix.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7.5) Gecko/20041217
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <41F60ECC.8050206@myunix.net>
	<134496582.20050125102442@wanadoo.fr>
In-Reply-To: <134496582.20050125102442@wanadoo.fr>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	auth:f535121c9cfa857f5d09ee37b87180a6
Subject: Re: Banning ips for some time?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jan 2005 09:30:49 -0000

Anthony Atkielski wrote:

>Christian Tischler writes:
>
>CT> Hi,
>CT> as I have an DSL line witch is 24/7 online (coming from an big and 
>CT> popular provider)  my servers sshd reports 30 to 50 failed 
>CT> root/operator/etc. logins a day. I would like to block the incoming ip
>CT> for a few days automaticly after e.g failed login requests.
>CT> Currently I am using ipf, but it would be no problem to use any other
>CT> FreeBSD firewall.
>CT> This is not only for security reasons, but also to shorten the daily
>CT> security run output :-)
>
>Do you have a need to access your server from the outside Net?  If not,
>you can just block the SSH port entirely at the firewall (which is what
>I do).
>
>Almost doesn't count in securityland, so as long as the logins are
>failing, they're not a security risk, just a nuisance.
>
>  
>
I do need the ssh access.

Christian