Date: Sat, 8 Apr 2023 06:55:24 -0700 From: Pete Wright <pete@nomadlogic.org> To: ports@freebsd.org Subject: Re: security/portsentry removal Message-ID: <b134b226-0eae-ec7c-b947-b04233d6faef@nomadlogic.org> In-Reply-To: <a8619455-ae93-6bfd-fc5e-b0f66d8ffde7@netfence.it> References: <0bfd94dd-5be3-6461-cb98-db1a1664e220@netfence.it> <3d779c56-236d-f18b-5ac0-71f6580bb498@bluerosetech.com> <a8619455-ae93-6bfd-fc5e-b0f66d8ffde7@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/8/23 12:47 AM, Andrea Venturoli wrote: > On 4/8/23 04:56, Mel Pilgrim wrote: > >>> Can anyone suggest something equivalent in the port tree? >> >> Have a look at fail2ban. It's design intent is monitoring running >> services, but really it's just a set of log file regex filters. >> Anything that logs network activity can feed it. > > Hello and thanks for answering. > In fact I'm already using fail2ban for "running" services. > > Portsenty is a bit different, in that it's conceived to listen on > ports used by non-running services. > I.e. > Got a SMTP server? Let fail2ban check its logs. > No? Let portsentry listen on port 25. > > I thought about writing regexes for fail2ban to check if ipfw denied > access to ports where portsentry used to listen. > So far it's the best idea I've come up with, but I hoped for something > simpler (i.e. more close to how portsentry worked). > would blacklistd(8) meet your requirements? i use it to block ssh login spammers with decent success. its part of the base system as well, but does require pf. -p
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b134b226-0eae-ec7c-b947-b04233d6faef>