From owner-freebsd-questions@FreeBSD.ORG Mon Mar 8 22:21:48 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F1E3D106566B for ; Mon, 8 Mar 2010 22:21:48 +0000 (UTC) (envelope-from kingedgar@gmail.com) Received: from mail-gx0-f211.google.com (mail-gx0-f211.google.com [209.85.217.211]) by mx1.freebsd.org (Postfix) with ESMTP id AB4C88FC08 for ; Mon, 8 Mar 2010 22:21:48 +0000 (UTC) Received: by gxk3 with SMTP id 3so812501gxk.13 for ; Mon, 08 Mar 2010 14:21:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=F14SvTmEyHEEadaSKXhYmN8VdaXNeHy7p52GkbbVIlg=; b=mI2QjFEIaYsewgIKHxkVFoXiZ0cHScfUgrqB9DNtfE0ih74+tKPmFX6c0vieD0DVby R8/FbsH7wNXs/28gpclUrf8fpNEVCsi24q0ewnWJSP01U30ayvmgz7vpl4ksXQw56Tjx /oiZJgXd+f+GFEbRzFAj2N4A/3aP/XehSwJBA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=hJBDBTiMP6vEcvTgaf3awWMeJKF0bIU+t1P61R5tytZ1UM65s4sh2qnplBkKBXtDZ9 olwcxCFcPpAM8I5XSI/+HguvPIqOpilvHeKBnS9KuOEbQtPKCiaWcVPH/AepHMR3V6pe tQ68e06IYLGq3PW65cZKR9C/GUDxQvSYu2Ybc= MIME-Version: 1.0 Received: by 10.150.66.18 with SMTP id o18mr4895532yba.96.1268086905239; Mon, 08 Mar 2010 14:21:45 -0800 (PST) In-Reply-To: <4B957617.9080000@locolomo.org> References: <20100305125446.GA14774@elwood.starfire.mn.org> <4B91B36D.1020507@locolomo.org> <20100307204114.GK16274@mail2.dcoder.net> <4B942D4B.6070407@locolomo.org> <970380131003080956u375be282wd5e5e4445841146f@mail.gmail.com> <4B957617.9080000@locolomo.org> Date: Mon, 8 Mar 2010 16:21:45 -0600 Message-ID: <970380131003081421q13b77547p9f72d4894114d50@mail.gmail.com> From: Jason Garrett To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: Thousands of ssh probes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Mar 2010 22:21:49 -0000 On Mon, Mar 8, 2010 at 16:11, Erik Norgaard wrote: > On 08/03/10 18:56, Jason Garrett wrote: > > Much better, restrict the client access to certain ranges of IPs. The >>> different registries publish ip ranges assigned per country and you can >>> create a list blocking countries you are certain not to visit, you can >>> use >>> my script: >>> >>> http://www.locolomo.org/pub/src/toolbox/inet.pl >>> >>> Great script! Just one question. Where do you put the list of denied i= p >> ranges? >> > > The output is written to be used with packet filter, if you use some othe= r > firewall you may need edit the script. If you use packet filter, then you > can dump the list into a file and create tables like this: > > table persist file "/etc/blacklist" > block in quick from > > I use blacklisting for mail while I use whitelisting for ssh. > > You should know the limits of the script, the problem is that some ranges > have been assigned directly by IANA, particularly for US. These are not > included. The list is limited as these are all /8 chunks, you can find it > here: > > http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml > > These ranges are managed by private organisations and assigned as they se= e > fit. > > There is another thing I'd like to filter by: I'd like to eliminate dynam= ic > ranges, particularly for mail. It's been recommended that reverse lookup > resolves to something like dyn.example.com or dynamic.example.com, but > there is no registry where you can simply look it up. > > Thanks! I'm not sure what ranges the OP is looking for, but I only want to allow from US ip's for now, since I never travel outside the country. > > BR, Erik > -- > Erik N=F8rgaard > Ph: +34.666334818/+34.915211157 http://www.locolomo.org > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >