Date: Thu, 17 Dec 2009 17:34:22 -0800
From: Brandon Low <lostlogic@lostlogicx.com>
To: freebsd-questions@freebsd.org
Subject: RFC: Fam/Python based script for bruteforce blocking
Message-ID: <20091218013422.GI73162@lostlogicx.com>

Hi,

I'm pretty new to FreeBSD, but when I saw how neatly it supported file-backed tables for IP blocking I knew I'd finally want to build a bruteforce blocking script that I'd long wanted to create on Linux.

This script is loosely based on the perl script for the same purpose from http://home.earthlink.net/~valiantsoul/pf.html .

My script, in contrast to the above, runs as a daemon and is completely self contained other than the blacklist file. Of course it's up to the user to create the bruteforce table in pf and to do something useful with it, but once that's done just running the bruteforce.py daemon will take care of the rest.

I've attached the script and my pf.conf. The only other requirements other than python are py-fam and (of course) a configured fam.

I'd love to hear other people's feedback on this approach of using FAM + auth.log to implement this and/or to hear of other superior approaches to achieving this result.

Thanks for reading,

--Brandon

Attachment: pf.conf

table <bruteforce> persist file "/var/db/blacklist"
table <safe> persist file "/var/db/friendlist"

block in all
pass in on nfe0 proto tcp from any to any port 22 keep state
pass in on nfe0 proto tcp from any to any port 80 keep state
pass in on nfe0 proto tcp from any to any port 443 keep state
pass in on nfe0 proto tcp from any to any port 25 keep state
pass in on nfe0 proto tcp from any to any port 465 keep state
pass in on nfe0 proto tcp from any to any port 993 keep state
pass in on nfe0 proto udp from any to any port 53
pass in on nfe0 proto tcp from any to any port 53 keep state
pass in on nfe0 proto udp from any to any port 123
pass in on nfe0 proto icmp
block from <bruteforce>
pass from <safe>
pass on lo0
pass out all keep state
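
The auth.log parsing step of the approach described in the message, as an added example: it is not the attached bruteforce.py, which is not reproduced on this page. It assumes OpenSSH's "Failed ... for USER from ADDR port N ssh2" line format and a threshold of three failures; the names `BruteforceTracker`, `scan` and `SAMPLE` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# sshd logs the user name exactly as the client sent it, so the address is
# taken from the fixed tail of the line, never from the first " from ".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?.* from (\S+) port \d+(?: ssh\d?)?$")


class BruteforceTracker:
    def __init__(self, safe=(), threshold=3):  # threshold is an assumed policy
        self.safe = [ipaddress.ip_network(n) for n in safe]  # friendlist entries
        self.threshold = threshold
        self.failures = Counter()
        self.blocked = set()

    def feed(self, line):
        """Process one auth.log line; return an address to block, or None."""
        m = FAILED.search(line.rstrip("\n"))
        if not m:
            return None
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None  # not a literal address: never write it to the table
        if addr in self.blocked or any(addr in net for net in self.safe):
            return None
        self.failures[addr] += 1
        if self.failures[addr] < self.threshold:
            return None
        self.blocked.add(addr)
        return str(addr)


def scan(lines, safe=()):
    """Addresses a daemon would append to the blacklist, in order."""
    tracker = BruteforceTracker(safe)
    return [ip for ip in map(tracker.feed, lines) if ip]

# Constructed sample lines (documentation addresses), not from a real log.
# The third line carries a user name crafted to look like another source.
SAMPLE = [
    "Dec 17 17:01:01 gw sshd[811]: Failed password for root from 203.0.113.9 port 40112 ssh2",
    "Dec 17 17:01:03 gw sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 40112 ssh2",
    "Dec 17 17:01:04 gw sshd[815]: Failed password for invalid user x from 192.0.2.7 port 22 ssh2 from 203.0.113.9 port 40120 ssh2",
] + ["Dec 17 17:02:00 gw sshd[820]: Failed password for brandon from 198.51.100.4 port 5022 ssh2"] * 3

if __name__ == "__main__":
    print(scan(SAMPLE, safe=["198.51.100.0/24"]))
```

A daemon built on this would append each returned address to /var/db/blacklist and load it into the running table with `pfctl -t bruteforce -T add <address>`.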