Date: Wed, 5 Nov 2014 00:21:15 +0100
From: Charlie Root <root@ymer.thorshammare.org>
To: Michael Ross <gmx@ross.cx>
Cc: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>, freebsd-questions@freebsd.org
Subject: Re: sshguard pf
Message-ID: <20141104232115.GA3145@ymer.thorshammare.org>
In-Reply-To: <op.xotlwiezg7njmm@michael-think.fritz.box>
References: <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org> <44vbmv6kyp.fsf@lowell-desk.lan> <20141104193652.GA3062@ymer.thorshammare.org> <44oasm7l6f.fsf@lowell-desk.lan> <op.xotlwiezg7njmm@michael-think.fritz.box>

On Tue, Nov 04, 2014 at 10:56:32PM +0100, Michael Ross wrote:
> On Tue, 04 Nov 2014 21:41:44 +0100, Lowell Gilbert
> <freebsd-questions-local@be-well.ilk.org> wrote:
>
> > Charlie Root <root@ymer.thorshammare.org> writes:
> >
> >> Do "bruteblock" require me to run ipfw2 as my firewall ?
> >
> > Yes. That's why I mentioned that there are several other options, I just
> > don't know them myself.
> >
> > Last I checked, bruteblock doesn't support IPv6 either, so one of these
> > days I may have to check into the choices again.
>
> For the record, I use fail2ban,
> and setting it up was painless, and it will support pf.
>
> Quick-How-To:
>
> 1. Install fail2ban
> 2. Create file /usr/local/etc/fail2ban/jail.local
>
> [sshd]
>
> enabled = true
> action = pf
> port = ssh
> logpath = %(sshd_log)s
>
>
> [sshd-ddos]
>
> enabled = true
> action = pf
> port = ssh
> logpath = %(sshd_log)s
>
>
> 3. Modify /usr/local/etc/fail2ban/action.d/pf.conf
> You need the correct path to pfctl in "actionban" and "actionunban"
> and the correct tablename in the [Init] section at the end.
>
> 4. service fail2ban onestart
>

Thanks a lot everybody. Lots of good advice. Preciate all the help.
Think I will give fail2ban another try with the above configuration.
I've been running ossec-hids a while ago with great success, but feel like
that's shooting mosquitos with a cannon in this case.

/hasse
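
Added example (not part of the original message, and not fail2ban's own code): step 3 of the quoted how-to only blocks anything when three things line up, namely the pfctl path in actionban and actionunban, the tablename in [Init], and a pf.conf rule that actually uses that table. The script below checks all three; the sample action file and pf.conf are constructed, and the function names and the /sbin/pfctl path are assumptions.

```sh
#!/bin/sh
# Added example: cross-check a fail2ban pf action file against pf.conf.

# Print the tablename set in the [Init] section of the action file.
action_tablename() {
    awk -F= '/^\[/ { init = ($0 ~ /^\[Init\]/) }
        init && $1 ~ /^[ \t]*tablename[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# Print the program that actionban and actionunban each invoke.
action_binaries() {
    awk -F= '$1 ~ /^action(un)?ban[ \t]*$/ { split($2, w, " "); print w[1] }' "$1"
}

# Succeed only if pf.conf declares the table and has a block rule using it.
pf_blocks_table() {
    grep -Eq "^[[:space:]]*table[[:space:]]+<$2>" "$1" &&
    grep -Eq "^[[:space:]]*block[[:space:]].*<$2>" "$1"
}

# Report every mismatch; return non-zero if any was found.
check_fail2ban_pf() {   # $1 = action file, $2 = pf.conf
    rc=0
    table=$(action_tablename "$1")
    [ -n "$table" ] || { echo "no tablename in [Init] of $1"; return 1; }
    for bin in $(action_binaries "$1"); do
        [ -x "$bin" ] || { echo "not executable: $bin"; rc=1; }
    done
    pf_blocks_table "$2" "$table" || { echo "$2: no table and block rule for <$table>"; rc=1; }
    return $rc
}

# Constructed sample files, written to a temporary directory.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/action.conf" <<'EOF'
[Definition]
actionban = /sbin/pfctl -t <tablename> -T add <ip>/32
actionunban = /sbin/pfctl -t <tablename> -T delete <ip>/32

[Init]
tablename = fail2ban
EOF
printf 'table <fail2ban> persist\nblock in quick from <fail2ban>\n' > "$demo/pf.conf"
check_fail2ban_pf "$demo/action.conf" "$demo/pf.conf" || echo "fix the items above"
```

On a real host, call check_fail2ban_pf with /usr/local/etc/fail2ban/action.d/pf.conf and the system's pf.conf instead of the sample files.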