Re: security/portsentry removal
- Reply: Moin Rahman : "Re: security/portsentry removal"
- Reply: Andrea Venturoli : "Re: security/portsentry removal"
- In reply to: Andrea Venturoli : "Re: security/portsentry removal"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 08 Apr 2023 13:55:24 UTC
On 4/8/23 12:47 AM, Andrea Venturoli wrote: > On 4/8/23 04:56, Mel Pilgrim wrote: > >>> Can anyone suggest something equivalent in the port tree? >> >> Have a look at fail2ban. It's design intent is monitoring running >> services, but really it's just a set of log file regex filters. >> Anything that logs network activity can feed it. > > Hello and thanks for answering. > In fact I'm already using fail2ban for "running" services. > > Portsenty is a bit different, in that it's conceived to listen on > ports used by non-running services. > I.e. > Got a SMTP server? Let fail2ban check its logs. > No? Let portsentry listen on port 25. > > I thought about writing regexes for fail2ban to check if ipfw denied > access to ports where portsentry used to listen. > So far it's the best idea I've come up with, but I hoped for something > simpler (i.e. more close to how portsentry worked). > would blacklistd(8) meet your requirements? i use it to block ssh login spammers with decent success. its part of the base system as well, but does require pf. -p