Date: Tue, 30 Sep 2008 10:16:37 +0200
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: freebsd-hackers@freebsd.org
Subject: Re: SSH Brute Force attempts
Message-ID: <20080930081637.GA34744@keltia.freenix.fr>
In-Reply-To: <200809291939.41533.rhavenn@rhavenn.net>
References: <48E16E93.3090601@gmail.com> <200809291939.41533.rhavenn@rhavenn.net>

According to Henrik Hudson:
> Yeap, -security
>
> However, also try this in pf.conf (specific rules related to this; you'll need
> more for a real pf.conf):
>
> table <badguys> { } persist
> block in quick from <badguys>
> pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state
> (max-src-conn 5, max-src-conn-rate 4/300, overload <badguys> flush global)

That one is very effective.

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
Darwin sidhe.keltia.net Version 9.4.0: Mon Jun 9 19:30:53 PDT 2008; i386
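
Added example, not part of the original message or of pf: a Python replay that applies the quoted max-src-conn-rate 4/300 threshold to sshd connection log lines, to see which sources the rule would move into <badguys> before deploying it. Assumptions: the function name would_overload, the constructed log lines and their "Connection from" format, and a plain sliding window standing in for pf's own rate accounting; max-src-conn (simultaneous connections) is not modelled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Sep 30 10:00:00 host sshd[900]: Connection from 198.51.100.20 port 50000
Sep 30 10:00:01 host sshd[901]: Connection from 203.0.113.7 port 40001
Sep 30 10:00:03 host sshd[902]: Connection from 203.0.113.7 port 40002
Sep 30 10:00:05 host sshd[903]: Connection from 203.0.113.7 port 40003
Sep 30 10:00:08 host sshd[904]: Connection from 203.0.113.7 port 40004
Sep 30 10:00:10 host sshd[905]: Connection from 203.0.113.7 port 40005
Sep 30 10:00:12 host sshd[906]: Connection from 203.0.113.7 port 40006
Sep 30 10:01:00 host sshd[907]: Connection from 192.0.2.44 port 41000
Sep 30 10:01:30 host sshd[908]: Connection from 192.0.2.44 port 41001
Sep 30 10:02:00 host sshd[909]: Connection from 192.0.2.44 port 41002
Sep 30 10:02:30 host sshd[910]: Connection from 192.0.2.44 port 41003
Sep 30 10:06:00 host sshd[911]: Connection from 198.51.100.20 port 50001
Sep 30 10:12:00 host sshd[912]: Connection from 198.51.100.20 port 50002
Sep 30 10:18:00 host sshd[913]: Connection from 198.51.100.20 port 50003
Sep 30 10:24:00 host sshd[914]: Connection from 198.51.100.20 port 50004
"""

CONN_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Connection from (\S+) port \d+")

def would_overload(log_text, max_conns=4, window=300, year=2008):
    """Map each source that exceeds max_conns per window seconds to the
    timestamp of the connection that crossed the threshold."""
    recent = defaultdict(deque)   # source -> connection times inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = CONN_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src = m.group(2)
        if src in flagged:
            continue              # already in the table: the block rule applies
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window:
            q.popleft()           # drop connections older than the window
        if len(q) > max_conns:    # the rate is exceeded, not merely reached
            flagged[src] = ts
    return flagged
```

On the sample, only 203.0.113.7 crosses the threshold (on its fifth connection); the source with exactly four connections in the window and the slow, spread-out source both pass, which is the check to run against real logs for legitimate clients such as monitoring or automated jobs.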