Date: Sun, 23 Aug 2009 10:18:57 -0400
From: Ron Wilhoite <ronw@bals.org>
To: freebsd-pf@freebsd.org
Subject: Re: something like bruteblock for pf?
Message-ID: <4A914FD1.7070500@bals.org>
In-Reply-To: <7731938b0908221957g2150a2f0p3263b6cab72bdf81@mail.gmail.com>
References: <200908230132343.SM01728@W500.Go2France.com> <a2b6592c0908221807q24e7f54aka75b561debca63eb@mail.gmail.com> <200908230340125.SM01728@W500.Go2France.com> <7731938b0908221957g2150a2f0p3263b6cab72bdf81@mail.gmail.com>

On 08/22/2009 10:57 PM Peter Maxwell wrote:
> 2009/8/23 Len Conrad <LConrad@go2france.com>:
>> I'm looking for something like bruteblock that logwatches (smtp, ssh, ftp, whatever) and inserts/removes TCP block rules into pf for x hours, so the protocol daemons are involved.
>> ...
> Before implementing something like this, I would urge caution: if what
> you're asking was actually of any use, someone else would probably
> have done it properly. I can't imagine how log entries from an ftp
> server, say, are going to be related to your smtp server security? If
> it's a simple connection management, then
> max-src-conn/max-src-conn-rate might be a more robust solution.
>

http://johan.fredin.info/openbsd/block_ssh_bruteforce.html explains how to use max-src-conn-rate and expiretable.

# pkg_info -x expiretable
Information for expiretable-0.6:

Comment:
Utility to remove entries from the pf(4) table based on their age

Description:
Expiretable is a utility used to remove entries from the pf(4) table
based on their age. The age in question being the amount of time that
has passed since the statistics for each entry in the target table was
last cleared.

WWW: http://expiretable.fnord.se/

Ron
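
The max-src-conn-rate plus expiretable approach mentioned in the message above, as an added pf.conf example that is not part of the original post or of the linked page. The interface name, table name, limits and the one-hour expiry are assumptions chosen for illustration.

```pf
# pf.conf fragment (constructed example; interface, table name and
# limits are assumptions, adjust to the host)
ext_if = "em0"                      # assumed external interface

# Table holding sources that exceeded the connection limits.
# "persist" keeps the table even while it is empty.
table <ssh_bruteforce> persist

# Drop traffic from listed sources before any pass rule is evaluated.
block in quick on $ext_if from <ssh_bruteforce>

# Allow SSH, with per-source tracking on the state entry:
#   max-src-conn 10         at most 10 simultaneous connections per source
#   max-src-conn-rate 3/30  at most 3 new connections per 30 seconds
#   overload <table>        add the offending source address to the table
#   flush global            kill all existing states from that source
pass in on $ext_if proto tcp to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/30, \
     overload <ssh_bruteforce> flush global)

# pf never removes overload entries on its own. Run expiretable
# periodically (for example from root's crontab) so a block lasts
# about one hour instead of forever:
#   expiretable -t 3600 ssh_bruteforce
```

The limits count completed TCP handshakes per source address, so they act on connection behaviour only and do not depend on any daemon's log output.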
