Date:      Thu, 18 Sep 2008 07:52:06 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Nathan Lay <nslay@comcast.net>
Cc:        "Marc G. Fournier" <scrappy@hub.org>, freebsd-questions@freebsd.org
Subject:   Re: Auto blacklist ssh connections ...
Message-ID:  <48D1FA96.2080406@infracaninophile.co.uk>
In-Reply-To: <48D1C3CA.30309@comcast.net>
References:  <14143EECEC1CC52A4BC39AC3@ganymede.hub.org> <48D1C3CA.30309@comcast.net>

Nathan Lay wrote:
> I employed this solution:
> http://johan.fredin.info/openbsd/block_ssh_bruteforce.html
>
> You have to enable pf, but man it works and it works well!

Agreed.  I use a slight modification of this configuration on
a number of firewalls.  As specified in the page referenced above,
the rule set causes /any/ too-rapid spate of SSH connections to
get you locked out, and that includes legitimate users too.  A simple
modification is to add a whitelist table for addresses that you never
want to lock out:

# Addresses that must never be locked out.  'const' means the table
# cannot be altered with pfctl once the ruleset is loaded.
table <static-whitelist> const { \
    12.34.56.78                  \
    ...				 \
} persist
# Populated at run time by the overload clause below.
table <ssh-bruteforce> persist

[...]

# 'quick': a source already in the table is dropped before any pass
# rule is consulted, so it stays locked out until expired from the table.
block drop in log quick on $ext_if from <ssh-bruteforce>

[...]

# Everyone not on the whitelist: more than 3 new connections in 30
# seconds adds the source to <ssh-bruteforce>, and 'flush global'
# kills every state that source holds, not just those from this rule.
pass in on $ext_if proto tcp                      \
     from !<static-whitelist> to $ext_if port ssh \
     flags S/SA keep state                        \
     (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
# Whitelisted sources: the same rule with no rate limit at all.
pass in on $ext_if proto tcp                      \
     from <static-whitelist> to $ext_if port ssh  \
     flags S/SA keep state

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
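The following is an added example, not code from the message above or from the page it links to.  It models how pf evaluates the three rules in the posted snippet for a stream of inbound SYNs to port ssh: the per-source counter behind max-src-conn-rate is written to mirror the decaying-count arithmetic pf uses (pf_add_threshold / pf_check_threshold, scaled by PF_THRESHOLD_MULT = 1000) as I read it, so treat the exact numbers as an approximation of the kernel and verify against a real host.  The 12.34.56.78 whitelist entry comes from the posted table; every other address and all timings are constructed (RFC 5737 documentation ranges).  The scenarios show the collateral lock-out the message warns about, the whitelist sidestepping it, and why one connection every ten seconds never trips a 3/30 rule.

```python
"""Simulation of the SSH rate-limit / overload rules from the pf.conf above.

Added example, not the original poster's code.  The Threshold class
follows pf's pf_add_threshold / pf_check_threshold arithmetic as I
understand it (assumption); addresses other than 12.34.56.78 are
constructed from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set, Tuple

PF_THRESHOLD_MULT = 1000  # pf scales counts by this to stay in integer math


@dataclass
class Threshold:
    """One source's conn_rate counter (cf. struct pf_threshold)."""
    limit: int      # connections allowed ...
    seconds: int    # ... per this many seconds
    count: int = 0  # scaled, decaying count of recent new connections
    last: int = 0   # time of the last new connection from this source

    def add(self, now: int) -> None:
        """Decay the count for the elapsed time, then count one connection."""
        diff = now - self.last
        if diff >= self.seconds:
            self.count = 0                       # whole window elapsed: reset
        else:
            self.count -= self.count * diff // self.seconds  # linear decay
        self.count += PF_THRESHOLD_MULT
        self.last = now

    def exceeded(self) -> bool:
        return self.count > self.limit * PF_THRESHOLD_MULT


@dataclass
class SshRateLimiter:
    """The block rule and the two pass rules, in evaluation order."""
    limit: int = 3
    seconds: int = 30
    whitelist: Set[str] = field(default_factory=set)        # <static-whitelist>
    bruteforce: Set[str] = field(default_factory=set)       # <ssh-bruteforce>
    thresholds: Dict[str, Threshold] = field(default_factory=dict)
    states: List[Tuple[str, int]] = field(default_factory=list)  # (src, sport)

    def syn(self, now: int, src: str, sport: int) -> str:
        """Evaluate one inbound SYN to port ssh: 'pass', 'block' or 'overload'."""
        # block drop in log quick ... from <ssh-bruteforce>: quick, so final
        if src in self.bruteforce:
            return "block"
        # second pass rule: whitelisted sources never touch the rate counter
        if src in self.whitelist:
            self.states.append((src, sport))
            return "pass"
        # first pass rule: max-src-conn-rate limit/seconds, overload on excess
        th = self.thresholds.setdefault(src, Threshold(self.limit, self.seconds))
        th.add(now)
        if th.exceeded():
            self.bruteforce.add(src)
            # flush global: every state this source holds is killed as well
            self.states = [s for s in self.states if s[0] != src]
            return "overload"
        self.states.append((src, sport))
        return "pass"


def replay(fw: SshRateLimiter, events: Iterable[Tuple[int, str, int]]) -> List[str]:
    """Feed (time, src, sport) events through the ruleset; return the verdicts."""
    return [fw.syn(t, src, sport) for t, src, sport in events]


def demo() -> Dict[str, List[str]]:
    """Constructed scenarios against a 3/30 rule with one whitelisted address."""
    fw = SshRateLimiter(whitelist={"12.34.56.78"})
    scenarios = {
        # brute forcer: one SYN per second; the fourth trips the rule,
        # the fifth is dropped by the quick block rule
        "attacker": [(t, "203.0.113.7", 40000 + t) for t in range(5)],
        # un-whitelisted admin whose script opens four sessions in four
        # seconds: exactly the legitimate-user lock-out described above
        "legit_burst": [(100 + t, "198.51.100.20", 50000 + t) for t in range(4)],
        # the same burst from the whitelisted address is never counted
        "whitelisted": [(200 + t, "12.34.56.78", 51000 + t) for t in range(6)],
        # one connection every 10 s stays under 3/30 indefinitely because
        # the counter decays between connections
        "paced": [(300 + 10 * i, "192.0.2.9", 52000 + i) for i in range(6)],
    }
    return {name: replay(fw, ev) for name, ev in scenarios.items()}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:12s} {' '.join(verdicts)}")
```

Running it prints one line per scenario; the "legit_burst" line is the case the whitelist exists for, and "paced" shows that the rate is a decaying estimate rather than a hard count of connections in the last 30 seconds, so a client that spaces its connections out will never be overloaded even over a long session.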

