something like bruteblock for pf?
Ron Wilhoite
ronw at bals.org
Sun Aug 23 14:37:02 UTC 2009
On 08/22/2009 10:57 PM Peter Maxwell wrote:
> 2009/8/23 Len Conrad <LConrad at go2france.com>:
>> I'm looking for something like bruteblock that logwatches (smtp, ssh, ftp, whatever) and inserts/removes TCP block rules into pf for x hours, so the protocol daemons are involved.
>>
...
> Before implementing something like this, I would urge caution: if what
> you're asking was actually of any use, someone else would probably
> have done it properly. I can't imagine how log entries from an ftp
> server, say, are going to be related to your smtp server security? If
> it's a simple connection management, then
> max-src-conn/max-src-conn-rate might be a more robust solution.
>
http://johan.fredin.info/openbsd/block_ssh_bruteforce.html explains how
to use max-src-conn-rate and expiretable.
# pkg_info -x expiretable
Information for expiretable-0.6:
Comment:
Utility to remove entries from the pf(4) table based on their age
Description:
Expiretable is a utility used to remove entries from the pf(4) table
based on their age.
The age in question being the amount of time that has passed since
the statistics for each entry in the target table was last cleared.
WWW: http://expiretable.fnord.se/
Ron
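The approach the linked page describes, written out here as an added example (not Ron's configuration or the contents of the linked page): a pf.conf fragment where max-src-conn-rate feeds offending sources into a table that blocks them, with expiretable run from cron to age entries out again. The interface name, the 5-per-30-second threshold, the 24-hour expiry and the expiretable install path are assumptions chosen for illustration.

```pf
# Interface name is an assumption; adjust to the real external interface.
ext_if = "em0"

# Table that holds sources which exceeded the connection-rate limit.
# "persist" keeps the table around even when no rule references it yet.
table <bruteforce> persist

# Known-good hosts (monitoring boxes, admin workstations) that must never
# be rate-limited. Addresses here are placeholders.
table <trusted> const { 192.0.2.10 }

# Drop anything already in the block table, before any pass rule.
block in quick on $ext_if from <bruteforce>

# Trusted sources bypass the rate limit entirely.
pass in quick on $ext_if proto tcp from <trusted> to ($ext_if) port ssh \
    flags S/SA keep state

# Everyone else: at most 10 simultaneous connections per source, and no
# more than 5 new connections per 30 seconds. A source that exceeds either
# is added to <bruteforce> and its existing states are flushed.
pass in on $ext_if proto tcp to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)

# Expiry is handled outside pf. Root crontab line (assumed install path):
#   */10 * * * * /usr/local/sbin/expiretable -t 24h bruteforce
# This removes entries whose statistics were last cleared more than 24h ago,
# which is exactly what the pkg_info description above says the tool does.
```

Two things worth knowing before relying on this. First, max-src-conn-rate counts TCP connection attempts, not failed logins, so a legitimate client that opens many short sessions in quick succession can land in the table; that is what the <trusted> exception is for, and `pfctl -t bruteforce -T show` lets you inspect who has been caught while `pfctl -t bruteforce -T delete <addr>` releases a single host by hand. Second, the overload mechanism only tracks rules that create state, so the `keep state` on the pass rule is required, not decorative.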
More information about the freebsd-pf
mailing list