Date:      Mon, 16 Apr 2007 13:43:15 -0500
From:      Erik Osterholm <erik-freebsd@erikosterholm.org>
To:        Bill Moran <wmoran@potentialtech.com>
Cc:        questions@freebsd.org
Subject:   Re: Defending against SSH attacks with pf
Message-ID:  <20070416184315.GA93730@idoru.cepheid.org>
In-Reply-To: <20070415200255.18e6ab3f.wmoran@potentialtech.com>

On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote:
>
> There was some discussion on this list not too long ago, and someone
> asked if I was willing to make my pf config and the associated scripts
> I wrote for it public.  I would have posted on the original thread,
> but I can't find it now.
>
> Here is the information:
> http://www.potentialtech.com/cms/node/16
>
> --
> Bill Moran
> http://www.potentialtech.com

Hi Bill,

I hope you don't mind some suggestions!

Your table names (and anything else enclosed in less-than/greater-than
symbols) got lost, so using the appropriate escape characters in HTML
would be useful.

Also, pf tables can be loaded from files containing a list of IP
addresses or hostnames, one per line.  My table line is as follows:

table <sshbf> file "/etc/bruteforce_ssh"

I periodically save blocked hosts to this file using a script to
format and maintain uniqueness.  In this way, my blocks persist across
reboots.  I'm just as draconian as you are in my blocking policy!

Erik
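
A sketch of the kind of save script the message describes, as an added example (not Erik's or Bill's own script): it merges the live `<sshbf>` table into `/etc/bruteforce_ssh`, stripping whitespace and duplicates. The table name and path come from the message; the function names, the comment stripping and the temp-file handling are assumptions of this example.

```shell
#!/bin/sh
# Added example: persist the pf <sshbf> table to the file pf loads at boot.
# TABLE and FILE are from the message above; everything else is an
# assumption of this sketch, not the author's script.

TABLE="sshbf"
FILE="/etc/bruteforce_ssh"

# Read addresses on stdin, one per line. Strip comments and all
# whitespace (pfctl -T show indents each entry), drop empty lines,
# and emit a sorted list with duplicates removed.
normalize_addrs() {
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' -e '/^$/d' | LC_ALL=C sort -u
}

# merge_table FILE: combine the entries already in FILE with the
# entries arriving on stdin, then replace FILE in one rename so pf
# never loads a half-written list.
merge_table() {
    file=$1
    # mktemp creates the file mode 0600 in the same directory, so the
    # final mv is a rename on one filesystem.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    { [ -f "$file" ] && cat "$file"; cat; } | normalize_addrs > "$tmp" || {
        rm -f "$tmp"
        return 1
    }
    mv "$tmp" "$file"
}

# Dump the running table and fold it into the on-disk list.
save_table() {
    pfctl -t "$TABLE" -T show | merge_table "$FILE"
}

# Run only when asked, e.g. from root's crontab: save_sshbf.sh --save
if [ "${1:-}" = "--save" ]; then
    save_table
fi
```

Any comment lines in the file are dropped on the first merge, since the output contains addresses only.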