From owner-freebsd-questions@FreeBSD.ORG Tue Feb 13 08:15:53 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DD25516A401 for ; Tue, 13 Feb 2007 08:15:53 +0000 (UTC) (envelope-from zbyszek@szalbot.homedns.org) Received: from lists.lc-words.com (lists.lc-words.com [83.19.156.210]) by mx1.freebsd.org (Postfix) with ESMTP id 895A613C474 for ; Tue, 13 Feb 2007 08:15:53 +0000 (UTC) (envelope-from zbyszek@szalbot.homedns.org) Received: from localhost ([::1] helo=lists.lc-words.com) by lists.lc-words.com with esmtp (Exim 4.66 (FreeBSD)) (envelope-from ) id 1HGsq9-0004rD-Qc for freebsd-questions@freebsd.org; Tue, 13 Feb 2007 09:16:41 +0100 Received: from 192.168.16.2 (SquirrelMail authenticated user zbyszek@szalbot.homedns.org) by lists.lc-words.com with HTTP; Tue, 13 Feb 2007 09:16:41 +0100 (CET) Message-ID: <3814.192.168.16.2.1171354601.squirrel@lists.lc-words.com> In-Reply-To: <87tzxqpko3.fsf@thingy.datadok.no> References: <45CEC7A4.7030802@ephgroup.com> <87tzxqpko3.fsf@thingy.datadok.no> Date: Tue, 13 Feb 2007 09:16:41 +0100 (CET) From: "Zbigniew Szalbot" To: freebsd-questions@freebsd.org User-Agent: SquirrelMail/1.5.1 MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: 8bit Subject: Re: Onpening and Closing ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Feb 2007 08:15:53 -0000 Hello, Peter N. M. Hansteen wrote: > You can head them off rather easily with a short PF rule set, see > eg http://home.nuug.no/~peter/pf/en/bruteforce.html. > > They can actually be fun to watch :) It was funny for me because I set the max con rule to 10 and then logged in 10 times to see if that would work. Of course that did (silly me!) and as a result I blocked myself the access to the machine. I logged in from another IP and commented out the pf.conf file entries for the bruteforce but wonder how to empty the table (so that it does not contain my ip) and enable the bruteforce defence again. Thank you very much! -- Zbigniew Szalbot