From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 22:11:55 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6F915394 for ; Tue, 4 Nov 2014 22:11:55 +0000 (UTC) Received: from www81.your-server.de (www81.your-server.de [213.133.104.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2E27784D for ; Tue, 4 Nov 2014 22:11:54 +0000 (UTC) Received: from [77.23.74.131] (helo=michael-think.fritz.box) by www81.your-server.de with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1Xlm5f-00034T-KR; Tue, 04 Nov 2014 22:56:39 +0100 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: "Charlie Root" , "Lowell Gilbert" , freebsd-questions@freebsd.org Subject: Re: sshguard pf References: <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org> <44vbmv6kyp.fsf@lowell-desk.lan> <20141104193652.GA3062@ymer.thorshammare.org> <44oasm7l6f.fsf@lowell-desk.lan> Date: Tue, 04 Nov 2014 22:56:32 +0100 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Michael Ross" Message-ID: In-Reply-To: <44oasm7l6f.fsf@lowell-desk.lan> User-Agent: Opera Mail/1.0 (Win32) X-Authenticated-Sender: gmx@ross.cx X-Virus-Scanned: Clear (ClamAV 0.98.4/19584/Tue Nov 4 18:39:15 2014) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 22:11:55 -0000 On Tue, 04 Nov 2014 21:41:44 +0100, Lowell Gilbert wrote: > Charlie Root writes: > >> Do "bruteblock" require me to run ipfw2 as my firewall ? > > Yes. That's why I mentioned that there are several other options, I just > don't know them myself. > > Last I checked, bruteblock doesn't support IPv6 either, so one of these > days I may have to check into the choices again. For the record, I use fail2ban, and setting it up was painless, and it will support pf. Quick-How-To: 1. Install fail2ban 2. Create file /usr/local/etc/fail2ban/jail.local [sshd] enabled = true action = pf port = ssh logpath = %(sshd_log)s [sshd-ddos] enabled = true action = pf port = ssh logpath = %(sshd_log)s 3. Modify /usr/local/etc/fail2ban/action.d/pf.conf You need the correct path to pfctl in "actionban" and "actionunban" and the correct tablename in the [Init] section at the end. 4. service fail2ban onestart > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"