From: Francisco Reyes
Date: Mon, 23 May 2005 22:30:11 -0400 (EDT)
To: Tony Shadwick
Cc: John DeStefano, Jerry Bell, freebsd-questions@freebsd.org
Subject: Re: securing SSH, FBSD systems
In-Reply-To: <20050523095117.D47072@mail.goinet.com>
Message-ID: <20050523214917.Q46920@zoraida.natserv.net>
References: <1368.24.99.220.144.1116792799.squirrel@24.99.220.144> <4290EEB4.9070502@makeworld.com> <20050522202535.K29197@zoraida.natserv.net> <20050523095117.D47072@mail.goinet.com>
List-Id: User questions

On Mon, 23 May 2005, Tony Shadwick wrote:

> Is there an effective way to manage that list? I mean, it seems to me that
> you'd be adding mass routes to /etc/rc.conf. How are you going about this.

See http://public.natserv.net/blackholing.tar.bz2
I put a shell script, an awk file and a mini readme.

> Otherwise, it sounds like very good advice.

It is not without its problems...
In particular one needs to clean the sshd.log file every time one runs the program. I may improve it later.

> Of course, I tend to manage a hardware firewall in front of any of my
> machines, so the blackholing should really occur there.

That would be one possible place.

> I wonder if that technique works under Linux as well?

Don't know. If you have access to a Linux box you could man route and see. It possibly could exist there too.

> manage reading my firewall rules. ;)

I found it got too messy to read firewall rules when I had blackholing there too. Also the feedback I got was that firewall rules were a flat list, while the route system used some type of tree. In all honesty my machine has so little traffic that I doubt either way would be much of an issue. I just found it simpler to manage having the blackholing outside the firewall rules. That way the firewall rules are "generic" to ports and few IPs.
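The script below is an added example in the spirit of what the message describes (an awk pass over sshd log lines feeding route(8) blackhole routes); it is not the shell script or awk file from the linked tarball. Two design points are assumptions of this example rather than anything the author stated: a state file of already-blackholed addresses stands in for clearing the log between runs and doubles as the list to replay at boot (which is what mass entries in /etc/rc.conf would otherwise do), and the Linux form uses ip(8)'s blackhole route type. The sample log lines, hostname, PIDs, addresses, and file paths are constructed.

```shell
#!/bin/sh
# Added example, not the script from the tarball the message links to.
# Counts OpenSSH "Failed password" log lines per source address and emits
# FreeBSD route(8) -blackhole commands (or the Linux ip(8) equivalent) for
# addresses at or over a threshold. A state file of already-blackholed
# addresses (an assumed design) replaces clearing the log between runs and
# lets the routes be replayed after a reboot.

# Constructed sample lines in syslog format; host, PIDs and addresses are made up.
SAMPLE_LOG='May 23 21:49:01 gw sshd[16217]: Failed password for invalid user admin from 192.0.2.10 port 4312 ssh2
May 23 21:49:03 gw sshd[16217]: Failed password for invalid user admin from 192.0.2.10 port 4312 ssh2
May 23 21:49:05 gw sshd[16218]: Failed password for root from 192.0.2.10 port 4320 ssh2
May 23 21:49:07 gw sshd[16219]: Failed password for invalid user test from 192.0.2.10 port 4330 ssh2
May 23 21:50:11 gw sshd[16220]: Failed password for fran from 198.51.100.7 port 50022 ssh2
May 23 21:50:14 gw sshd[16220]: Failed password for fran from 198.51.100.7 port 50022 ssh2
May 23 21:50:17 gw sshd[16220]: Failed password for fran from 198.51.100.7 port 50022 ssh2
May 23 21:50:20 gw sshd[16220]: Accepted password for fran from 198.51.100.7 port 50022 ssh2
May 23 21:51:02 gw sshd[16221]: Failed password for invalid user oracle from 203.0.113.5 port 2222 ssh2'

# offenders LOGFILE THRESHOLD: print "ip count" for every source address with
# at least THRESHOLD failed password attempts, sorted for stable output.
offenders() {
    awk -v t="${2:-5}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The username is attacker-chosen and may itself contain "from x.x.x.x",
            # so anchor on the fixed trailing "from IP port N ssh2" that sshd appends:
            # scan backwards for "port" and take the field before it.
            ip = ""
            for (i = NF; i > 1; i--)
                if ($i == "port") { ip = $(i - 1); break }
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++   # IPv4 only
        }
        END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }
    ' "${1:-/dev/stdin}" | sort
}

# blackhole_cmd OS IP: print the command that blackholes IP on OS.
# FreeBSD's route(8) needs a gateway argument; 127.0.0.1 is the customary one.
blackhole_cmd() {
    case "$1" in
        FreeBSD) printf 'route -q add -host %s 127.0.0.1 -blackhole\n' "$2" ;;
        Linux)   printf 'ip route add blackhole %s/32\n' "$2" ;;
        *)       echo "unsupported OS: $1" >&2; return 1 ;;
    esac
}

# blackhole_new OS LOGFILE STATEFILE THRESHOLD: print a blackhole command for
# each offender not yet listed in STATEFILE and record it there, so the same
# log can be reprocessed and only new addresses produce commands.
blackhole_new() {
    [ -f "$3" ] || : > "$3"
    offenders "$2" "$4" | while read -r ip count; do
        grep -qxF "$ip" "$3" && continue    # already blackholed on an earlier run
        blackhole_cmd "$1" "$ip" || return 1
        echo "$ip" >> "$3"
    done
}

# blackhole_replay OS STATEFILE: re-emit every recorded route, e.g. at boot.
blackhole_replay() {
    while read -r ip; do
        blackhole_cmd "$1" "$ip" || return 1
    done < "$2"
}

# Stand-alone demo: dry run over the constructed sample with a scratch state file.
if [ "${DEMO:-1}" = 1 ]; then
    log="$(mktemp)"; state="$(mktemp)"
    printf '%s\n' "$SAMPLE_LOG" > "$log"
    echo "# offenders at threshold 3:";  offenders "$log" 3
    echo "# first run emits routes:";    blackhole_new FreeBSD "$log" "$state" 3
    echo "# second run emits nothing:";  blackhole_new FreeBSD "$log" "$state" 3
    echo "# replay from state file:";    blackhole_replay FreeBSD "$state"
    rm -f "$log" "$state"
fi
```

Nothing is applied until the output is piped to a shell, e.g. from cron `blackhole_new "$(uname -s)" /var/log/auth.log /var/db/sshd-blackholed 5 | sh`, and at boot `blackhole_replay FreeBSD /var/db/sshd-blackholed | sh` (both paths are assumed). Two things to check before running it for real: the address is recorded as soon as its command is printed, so a failed route(8) call leaves a stale entry to remove by hand; and in the sample, 198.51.100.7 logs in successfully after three wrong passwords yet is still blackholed at threshold 3, so size the threshold for your users and keep your own management addresses out of the log file the script reads.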