Date: Tue, 13 Feb 2007 16:00:15 +0100
From: Karol Kwiatkowski <karol.kwiat@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Onpening and Closing ports
Message-ID: <45D1D27F.5090401@gmail.com>
In-Reply-To: <3ee9ca710702130600j61d84c87vb6930398ab9984d6@mail.gmail.com>
References: <45CEC7A4.7030802@ephgroup.com> <87tzxqpko3.fsf@thingy.datadok.no> <3814.192.168.16.2.1171354601.squirrel@lists.lc-words.com> <3ee9ca710702130600j61d84c87vb6930398ab9984d6@mail.gmail.com>

Andy Greenwood wrote:
> On 2/13/07, Zbigniew Szalbot <zbyszek@szalbot.homedns.org> wrote:
>> Hello,
>>
>> Peter N. M. Hansteen wrote:
>> > You can head them off rather easily with a short PF rule set, see
>> > eg http://home.nuug.no/~peter/pf/en/bruteforce.html.
>> >
>> > They can actually be fun to watch :)
>>
>> It was funny for me because I set the max con rule to 10 and then logged
>> in 10 times to see if that would work. Of course that did (silly me!) and
>> as a result I blocked myself the access to the machine. I logged in from
>> another IP and commented out the pf.conf file entries for the bruteforce
>> but wonder how to empty the table (so that it does not contain my ip) and
>> enable the bruteforce defence again.
>
> man pfctl. Specifically the -T switch.

Also, have a look at security/expiretable. You can automagically
remove entries from tables after specified time. It is mentioned in
the article linked above [1].

HTH,

Karol

[1] http://home.nuug.no/~peter/pf/en/bruteforce.html

-- 
Karol Kwiatkowski <karol.kwiat at gmail dot com>
OpenPGP 0x06E09309
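
Added example, not part of the original message or thread: a small wrapper around the `pfctl -T` table commands for the recovery described above (remove one address or flush the table, then reload the rule set). The table name `bruteforce` and the function names are assumptions; `-T expire` needs a pfctl release that supports it, otherwise use security/expiretable as mentioned in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. The table name "bruteforce" is an
# assumption; use the table named in your own pf.conf.
TABLE="bruteforce"
# DRY_RUN=1 (the default) prints each pfctl command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only a dotted-quad IPv4 address so nothing else reaches pfctl.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

show_blocked()  { run pfctl -t "$TABLE" -T show; }    # list table entries
flush_blocked() { run pfctl -t "$TABLE" -T flush; }   # empty the whole table
reload_rules()  { run pfctl -f /etc/pf.conf; }        # re-enable edited rules

# Remove a single address (for example your own) and keep the rest blocked.
unblock() {
    valid_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    run pfctl -t "$TABLE" -T delete "$1"
}

# Drop entries older than N seconds.
expire_blocked() {
    case "$1" in ""|*[!0-9]*) echo "seconds must be a number" >&2; return 1 ;; esac
    run pfctl -t "$TABLE" -T expire "$1"
}

# Command-line entry point; with no argument only the functions are defined.
case "${1:-}" in
    show)    show_blocked ;;
    unblock) unblock "${2:-}" ;;
    flush)   flush_blocked ;;
    expire)  expire_blocked "${2:-}" ;;
    reload)  reload_rules ;;
esac
```

Run it with `DRY_RUN=0` as root to apply the commands; the default only prints them.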
