Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 6 Oct 2005 14:56:20 -0500
From:      Noel Jones <noeldude@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: bruteforceblocker + PF
Message-ID:  <cce506b0510061256x2ecaf01ct876eeb624c02307b@mail.gmail.com>
In-Reply-To: <200510060907.57922.eayesta@portugalete.uned.es>
References:  <200510051204.54331.eayesta@portugalete.uned.es> <cce506b0510051253r2ca4f6eeg618238d94d468fb8@mail.gmail.com> <200510060907.57922.eayesta@portugalete.uned.es>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 10/6/05, Enrique Ayesta Perojo <eayesta@portugalete.uned.es> wrote:
> El Mi=E9rcoles, 5 de Octubre de 2005 21:53, Noel Jones escribi=F3:
>
> > I'm going to assume this is just a small part of your pf.conf, because
> > the part you show doesn't allow any internet access.  Maybe you should
> > show us your entire pf.conf.
>

This simple pf config should work.

> No, i don't see any of these messages, the only message i see is the star=
t of
> the log:
>
> !!!!!!! log started at Wed Oct  5 18:53:23 2005 !!!!!!!
>

I manually installed bruteforceblocker 1.1 (later noticed it's in
ports/security) and when it starts, it looks like:
------- log started at Wed Oct  5 13:13:01 2005 -------

So it appears that your software is different from mine.

Are you also seeing sshd logging information about failed and accepted
login attempts?

One thing I did notice was that all the lines in the
bruteforceblocker.pl script ended with ^M.  So I used vi to remove
them.  I don't know if that is part of your problem or not, but it's
something you might check.

FWIW, after making the suggested change to my syslog.conf file and
editing the file locations in the bruteforceblocker.pl script, it
worked first try here.  The only other suggestion I have is to check
your /etc/syslog.conf changes.
Find the line that looks like:
auth.info;authpriv.info                                /var/log/auth.log
and change it to:
auth.info;authpriv.info                         | exec
/usr/local/sbin/bruteforceblocker.pl


--
Noel Jones

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cce506b0510061256x2ecaf01ct876eeb624c02307b>