Date: Tue, 25 Aug 2009 03:52:08 +0200
From: Daniel Gerzo <danger@FreeBSD.org>
To: Balázs Mátéffy <repcsike@gmail.com>
Cc: freebsd-pf <freebsd-pf@freebsd.org>
Subject: Re: something like bruteblock for pf?
Message-ID: <4A9343C8.3080101@FreeBSD.org>
In-Reply-To: <c4b701070908231514j76c65c3arb26fa66ad92aae5a@mail.gmail.com>
References: <200908230132343.SM01728@W500.Go2France.com> <4A91B7E5.8050007@FreeBSD.org> <c4b701070908231514j76c65c3arb26fa66ad92aae5a@mail.gmail.com>

Balázs Mátéffy wrote:
> Hi guys,
>
> I'm using bruteforceblocker at the moment on my systems, thanks for this
> great utility Daniel!
>
> Can you tweak it to be able to get the ips from proftpd or any other log, or
> it's working out of the box, you just have to set it up in syslog.conf (didn't
> see that feature in the doc.)?
>
> Or for these things sshguard is more appropriate?

Check the /usr/local/sbin/bruteforceblocker file and edit the line which
looks like the following:

    if (/.*Failed password.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i || ...

You just need to add any regular expression that meets your requirements
and set the syslog up so that the logs are directed to bruteforceblocker
as well.

-- 
S pozdravom / Best regards
  Daniel Gerzo, FreeBSD committer
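
A way to try out such an additional pattern on sample log lines before editing the installed script, as an added example that is not part of the message above or of bruteforceblocker itself. The ProFTPD line layout, the stand-in `$work` patterns, the `failed_login_source` helper and the sample lines are assumptions; compare them with the lines your own syslog actually receives.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-ins (assumption) for the patterns bruteforceblocker defines itself;
# inside the real script keep using its own $work->{ipv4} etc. unchanged.
my $work = {
    ipv4 => qr/(?:\d{1,3}\.){3}\d{1,3}/,
    ipv6 => qr/[0-9a-fA-F:]{2,39}/,
    fqdn => qr/[a-zA-Z0-9][a-zA-Z0-9.\-]*/,
};

# Hypothetical helper: returns the source address of a failed login,
# or undef when the line should not count against anyone.
sub failed_login_source {
    my ($line) = @_;
    # sshd alternative quoted in the message above.
    return $1 if $line =~ /.*Failed password.*from ($work->{ipv4}|$work->{ipv6}|$work->{fqdn}) port.*/i;
    # Candidate ProFTPD alternative (assumed layout: "server (client[addr]) - USER ...").
    # The name after USER is supplied by the client, so the address is taken only
    # from the fixed position right after the proftpd[pid] tag, never from later text.
    return $1 if $line =~ /proftpd\[\d+\]:? \S+ \(\S+\[(?:::ffff:)?($work->{ipv4}|$work->{ipv6})\]\)[: -]+USER .*(?:\(Login failed\)|no such user)/i;
    return;
}

# Constructed sample lines using documentation address ranges.
my @samples = (
    'Aug 25 03:10:01 host sshd[811]: Failed password for root from 198.51.100.23 port 4711 ssh2',
    'Aug 25 03:10:07 host proftpd[2345]: ftp.example.org (client.example.net[203.0.113.5]) - USER admin (Login failed): Incorrect password',
    # IPv4-mapped client address, and a user name that itself contains a bracketed address.
    'Aug 25 03:10:09 host proftpd[2346]: ftp.example.org (::ffff:203.0.113.9[::ffff:203.0.113.9]) - USER x [192.0.2.1]) - USER y (Login failed): Incorrect password',
    # Successful login: must not be reported.
    'Aug 25 03:10:12 host proftpd[2347]: ftp.example.org (client.example.net[203.0.113.5]) - USER bob: Login successful.',
);

for my $line (@samples) {
    my $src = failed_login_source($line);
    printf "%-14s <= %s\n", $src // '(no match)', $line;
}
```

Once the candidate behaves as intended on real lines from your server, it goes into the script as one more `||` alternative in the `if` condition quoted above.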