Date: Mon, 16 Apr 2007 13:43:15 -0500 From: Erik Osterholm <erik-freebsd@erikosterholm.org> To: Bill Moran <wmoran@potentialtech.com> Cc: questions@freebsd.org Subject: Re: Defending against SSH attacks with pf Message-ID: <20070416184315.GA93730@idoru.cepheid.org> In-Reply-To: <20070415200255.18e6ab3f.wmoran@potentialtech.com> References: <20070415200255.18e6ab3f.wmoran@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote: > > There was some discussion on this list not too long ago, and someone > asked if I was willing to make my pf config and the associated scripts > I wrote for it public. I would have posted on the original thread, > but I can't find it now. > > Here is the information: > http://www.potentialtech.com/cms/node/16 > > -- > Bill Moran > http://www.potentialtech.com Hi Bill, I hope you don't mind some suggestions! Your table names (and anything else enclosed in less-than/greater-than symbols) got lost, so using the appropriate escape characters in HTML would be useful. Also, pf tables can be loaded from files containing a list of IP addresses or hostnames, one per line. My table line is as follows: table <sshbf> file "/etc/bruteforce_ssh" I periodically save blocked hosts to this file using a script to format and maintain uniqueness. In this way, my blocks persist across reboots. I'm just as draconian as you are in my blocking policy! Erik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070416184315.GA93730>