Date:      Mon, 23 May 2005 22:30:11 -0400 (EDT)
From:      Francisco Reyes <lists@natserv.com>
To:        Tony Shadwick <tshadwick@goinet.com>
Cc:        John DeStefano <john.destefano@gmail.com>, Jerry Bell <jbell@stelesys.com>, freebsd-questions@freebsd.org
Subject:   Re: securing SSH, FBSD systems
Message-ID:  <20050523214917.Q46920@zoraida.natserv.net>
In-Reply-To: <20050523095117.D47072@mail.goinet.com>
References:  <f2160e0d05052205454e6071d5@mail.gmail.com> <1368.24.99.220.144.1116792799.squirrel@24.99.220.144> <4290EEB4.9070502@makeworld.com> <20050522202535.K29197@zoraida.natserv.net> <20050523095117.D47072@mail.goinet.com>

On Mon, 23 May 2005, Tony Shadwick wrote:

> Is there an effective way to manage that list?  I mean, it seems to me that 
> you'd be adding mass routes to /etc/rc.conf.  How are you going about this.

See
http://public.natserv.net/blackholing.tar.bz2

I put a shell script, an awk file and a mini readme.

> Otherwise, it sounds like very good advice.

It is not without its problems...
In particular one needs to clean the sshd.log file every time one runs the 
program. I may improve it later.

> Of course, I tend to manage a 
> hardware firewall in front of any of my machines, so the blackholing should 
> really occur there.

That would be one possible place.


> I wonder if that technique works under Linux as well?

Don't know. If you have access to a Linux box you could man route and see. 
It possibly could exist there too.

> manage reading my firewall rules. ;)

I found it got too messy to read firewall rules when I had blackholing 
there too. Also the feedback I got was that firewall rule was a flat list, 
while the route system used some type of tree.

In all honesty my machine has so little traffic that I doubt either way 
would be much of an issue. I just found it simpler to manage having the 
blackholing outside the firewall rules. That way the firewall rules are 
"generic" to ports and few IPs.
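The approach described in this reply, a script that reads the sshd log and turns repeat offenders into blackhole routes, as an added example. This is not the script from the linked tarball and not Francisco's code; the log lines are constructed (TEST-NET addresses), the threshold is an assumption, and the emitted command shape (a host route with the -blackhole flag, which FreeBSD's route(8) accepts) should be checked against your system's route(8) before anything is applied. The script only prints commands, so nothing is changed unless you deliberately pipe its output to a root shell.

```shell
#!/bin/sh
# Added example, not the tarball's script: count sshd authentication
# failures per source address and print route(8) blackhole commands for
# addresses at or above a threshold. Dry-run only; it prints, never applies.

# Constructed sample log lines in the syslog format sshd uses on FreeBSD.
# Addresses are from TEST-NET ranges and belong to no real host.
SAMPLE_LOG='May 23 22:30:11 zoraida sshd[46920]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
May 23 22:30:13 zoraida sshd[46921]: Failed password for root from 203.0.113.5 port 40123 ssh2
May 23 22:30:15 zoraida sshd[46922]: Failed password for invalid user test from 203.0.113.5 port 40124 ssh2
May 23 22:31:02 zoraida sshd[46930]: Accepted publickey for francisco from 198.51.100.7 port 51000 ssh2
May 23 22:31:40 zoraida sshd[46935]: Failed password for invalid user oracle from 198.51.100.9 port 33001 ssh2
May 23 22:32:00 zoraida sshd[46940]: Illegal user guest from 192.0.2.44'

# offending_ips THRESHOLD  (log on stdin)
# Prints one address per line for every source with >= THRESHOLD failures.
# Matches "Failed password for ..." and "Illegal/Invalid user ..." lines and
# takes the word after "from" as the source address. Accepted logins are ignored.
offending_ips() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: (Failed password for|Illegal user|Invalid user) / {
            for (i = 1; i <= NF; i++) {
                if ($i == "from") { fails[$(i + 1)]++; break }
            }
        }
        END { for (ip in fails) if (fails[ip] >= min) print ip }
    ' | sort
}

# blackhole_cmds THRESHOLD  (log on stdin)
# Turns the offender list into route(8) commands. Assumed command shape:
# a host route via loopback flagged -blackhole, so packets to that
# destination are silently dropped. Verify against route(8) on your system.
blackhole_cmds() {
    offending_ips "$1" | while read -r ip; do
        printf 'route add -host %s 127.0.0.1 -blackhole\n' "$ip"
    done
}

# Usage (threshold of 3 failures, an assumed value):
#   printf '%s\n' "$SAMPLE_LOG" | blackhole_cmds 3
# With a real log: blackhole_cmds 3 < /var/log/auth.log
```

Because the counter sums whatever it is fed, running it repeatedly over the same file re-emits the same addresses; that is the "clean the log between runs" problem mentioned above. Feeding it only the lines added since the last run, or skipping addresses that already have a route, avoids it without truncating the log.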


