Date: Tue, 30 Sep 2008 10:16:37 +0200
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: freebsd-hackers@freebsd.org
Subject: Re: SSH Brute Force attempts
Message-ID: <20080930081637.GA34744@keltia.freenix.fr>
References: <48E16E93.3090601@gmail.com> <200809291939.41533.rhavenn@rhavenn.net>
In-Reply-To: <200809291939.41533.rhavenn@rhavenn.net>
User-Agent: Mutt/1.5.18 (2008-05-17)

According to Henrik Hudson:
> Yeap, -security
>
> However, also try this in pf.conf (specific rules related to this; you'll need
> more for a real pf.conf):
>
> table { } persist
> block in quick from
> pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state
>     (max-src-conn 5, max-src-conn-rate 4/300, overload flush global)

That one is very effective.

--
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
Darwin sidhe.keltia.net Version 9.4.0: Mon Jun 9 19:30:53 PDT 2008; i386
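A fuller pf.conf built around the rule Henrik quotes, as an added example that is not code from either poster: the interface name, the overload table name <bruteforce>, the <trusted> table and its address are assumptions. It shows the ordering the quoted fragment relies on (the block rule must come first and carry quick) and the expiry step the fragment leaves out.

```pf
# Added example, not from the thread. Interface and table names are assumed.
ext_if = "em0"

# Sources that tripped the limits below. "persist" keeps the table across
# rule reloads even while it is empty.
table <bruteforce> persist

# Management hosts that must never be rate limited (constructed address).
table <trusted> { 192.0.2.10 }

# Drop listed sources first. "quick" stops evaluation here, so a listed
# source never reaches the pass rules further down.
block in quick on $ext_if from <bruteforce>

# Trusted hosts match this rule and are never counted against the limits.
pass in quick on $ext_if proto tcp from <trusted> to ($ext_if) port ssh keep state

# Everyone else: at most 5 concurrent SSH connections per source and at most
# 4 new connections per 300 seconds per source. A source that exceeds either
# limit is added to <bruteforce>; "flush global" also tears down every state
# that source already holds, not only the SSH states created by this rule.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh keep state \
    (max-src-conn 5, max-src-conn-rate 4/300, overload <bruteforce> flush global)

# Table entries never age out on their own. Expire them after 24 hours, for
# example from root's crontab, so a shared NAT address is not blocked forever:
#   */10 * * * * /sbin/pfctl -t bruteforce -T expire 86400
# To see who is currently listed:  pfctl -t bruteforce -T show
```

Parse it with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf; a syntax error in the block rule would otherwise leave the overload table unused.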