Date:      Sun, 6 Dec 2009 16:17:42 -0000
From:      "Torsten Kersandt" <torsten@cnc-london.net>
To:        <freebsd-pf@freebsd.org>
Subject:   RE: Limit connections doesn't work
Message-ID:  <015501ca768f$a42353e0$ec69fba0$@net>
In-Reply-To: <4B1BAF1D.9070105@gmx.de>
References:  <6783768.102251260022192330.JavaMail.root@zimbra-store> <4B1BAF1D.9070105@gmx.de>

Hi,
I personally have all ssh and similar ports closed on my servers.
If I want to connect to the server via ssh or whatever function, I log in to a hidden PHP page which adds my current IP to a SQL table.
I use SQL because I'm not the only one using this and want to keep track of which admin is logging in.
A cron job runs every minute, looks in the table, adds the new IP addresses to the pf include file and reloads pf.

Every night at 4am, I empty the text file and reload pf.

I know that this could be done more elegantly, but KISS is what I like.

In addition I have tcpserver running a perl script on a non-privileged port to add an IP to the SQL tables if apache fails.


#!/bin/sh
### MySQL Setup ###
MUSER="username"
MPASS="password"
MHOST="localhost"
MYSQL="/usr/local/bin/mysql"
# Note: -p$MPASS puts the password on the command line, where any local user
# can read it with ps; a ~/.my.cnf or --defaults-extra-file avoids that.
#
### Get all new IP addresses ###
# Rows added in the last 60 seconds, matching the one-minute cron interval.
DBS="$("$MYSQL" -u "$MUSER" -h "$MHOST" -p"$MPASS" -Bse 'select ipAddress from intranet.ipCleared WHERE `timestamp` > (UNIX_TIMESTAMP()-60)')"
added=0
for ip in $DBS
do
 ## this bit is emailed to me over cron run-output if a new IP address was found
 echo "$ip" >> /usr/local/etc/pf/pf.VNCallow
 echo "Added $ip to VNC Access from MYSQL Table"
 added=1
done
# Reload once, after all new addresses are in the include file, instead of once per address.
if [ "$added" -eq 1 ]; then
 /etc/rc.d/pf reload
fi
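Added example, not part of the original message or the poster's own setup: the same cron-fed allowlist, written so that every address coming out of the database is checked to be a plain IPv4 address and de-duplicated before it reaches the pf include file, and so that new entries are pushed into a pf table with pfctl instead of reloading the whole ruleset for each one. The table name vncallow, the pf.conf lines quoted in the comment, the constructed sample list standing in for the mysql query, and the `demo` argument are all assumptions made for this example; the include-file path is the one from the post.

```shell
#!/bin/sh
# Added example (not the poster's script). Assumed pf.conf lines that this
# script feeds (table name and rule are assumptions for the example):
#   table <vncallow> persist file "/usr/local/etc/pf/pf.VNCallow"
#   pass in quick proto tcp from <vncallow> to any port 5900
#
# ALLOW_FILE and PF_TABLE can be overridden from the environment so the
# functions can be exercised against a scratch file on a host without pf.
ALLOW_FILE="${ALLOW_FILE:-/usr/local/etc/pf/pf.VNCallow}"
PF_TABLE="${PF_TABLE:-vncallow}"

# is_ipv4: accept only a dotted quad of four decimal octets in 0-255 with
# no leading zeros. Hostnames, CIDR, IPv6 and anything a misused web front
# end might write into the table are rejected before they reach pf.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] || return 1
        case $octet in 0?*) return 1 ;; esac      # leading zero, e.g. 01
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pf_table_add: put one address into the live table when pfctl exists;
# elsewhere (e.g. while testing) only report what would be run.
pf_table_add() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -t "$PF_TABLE" -T add "$1"
    else
        echo "pfctl not found; would run: pfctl -t $PF_TABLE -T add $1" >&2
    fi
}

# add_allowed: record $1 in the include file (so it survives a later full
# reload) and in the live table. Prints added, duplicate or rejected.
add_allowed() {
    ip=$1
    if ! is_ipv4 "$ip"; then echo rejected; return 1; fi
    touch "$ALLOW_FILE"
    if grep -qxF -- "$ip" "$ALLOW_FILE"; then echo duplicate; return 1; fi
    printf '%s\n' "$ip" >> "$ALLOW_FILE"
    pf_table_add "$ip"
    echo added
}

# sync_list: take the newline-separated output of the mysql query and run
# every line through add_allowed. Prints how many addresses were added.
sync_list() {
    count=0
    old_ifs=$IFS; IFS='
'
    for ip in $1; do
        IFS=$old_ifs
        [ "$(add_allowed "$ip")" = added ] && count=$((count + 1))
    done
    IFS=$old_ifs
    echo "$count"
}

# flush_allowed: the 4 am job. Empty the file and the live table together
# so the two never disagree.
flush_allowed() {
    : > "$ALLOW_FILE"
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -t "$PF_TABLE" -T flush
    fi
}

# Demo against a scratch file with a constructed sample of what the query
# could return: two good addresses, one repeat, one out-of-range octet and
# one row that is not an address at all.
if [ "${1:-}" = demo ]; then
    ALLOW_FILE=$(mktemp)
    SAMPLE='203.0.113.5
198.51.100.7
203.0.113.5
256.1.1.1
10.0.0.1;drop table ipCleared'
    echo "added $(sync_list "$SAMPLE") new address(es):"; cat "$ALLOW_FILE"
    rm -f "$ALLOW_FILE"
fi
```

Run as `sh allow.sh demo` to see the sample processed; the real cron job would call `sync_list "$DBS"` with the query output. On a host without pfctl the table update is only reported on stderr, so the file handling can be exercised anywhere. The validation matters because pf parses the include file at the next reload: a row that is not an address, whether by mistake or because the PHP front end was abused, can make that reload fail and leave every later address unloaded, and the pfctl -T add path means a new admin gets access without reloading the whole ruleset in the first place.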





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?015501ca768f$a42353e0$ec69fba0$>