Defending against SSH attacks with pf

Erik Osterholm erik-freebsd at erikosterholm.org
Mon Apr 16 19:13:45 UTC 2007


On Sun, Apr 15, 2007 at 08:02:55PM -0400, Bill Moran wrote:
>
> There was some discussion on this list not too long ago, and someone
> asked if I was willing to make my pf config and the associated scripts
> I wrote for it public.  I would have posted on the original thread,
> but I can't find it now.
>
> Here is the information:
> http://www.potentialtech.com/cms/node/16
>
> --
> Bill Moran
> http://www.potentialtech.com

Hi Bill,

I hope you don't mind some suggestions!

Your table names (and anything else enclosed in less-than/greater-than
symbols) got lost, so using the appropriate escape characters in HTML
would be useful.

Also, pf tables can be loaded from files containing a list of IP
addresses or hostnames, one per line.  My table line is as follows:

table <sshbf> file "/etc/bruteforce_ssh"

I periodically save blocked hosts to this file using a script to
format and maintain uniqueness.  In this way, my blocks persist across
reboots.  I'm just as draconian as you are in my blocking policy!

Erik
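The persistence scheme Erik describes (a table loaded from a file, plus a periodic script that writes the live table back out and keeps it unique) as an added worked example. This is not Bill's script from the linked page nor Erik's; the table name sshbf, the file /etc/bruteforce_ssh, and a pf.conf line with the `persist` keyword are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example, not Bill's or Erik's script: persist a pf table of blocked
# SSH hosts to the file named in the pf.conf "table ... file" line, keeping
# the list unique, so blocks survive a reboot.
# Assumed names (not from the original posts): table <sshbf>, file
# /etc/bruteforce_ssh, and pf.conf carrying
#   table <sshbf> persist file "/etc/bruteforce_ssh"

TABLE="${TABLE:-sshbf}"
BLOCKFILE="${BLOCKFILE:-/etc/bruteforce_ssh}"

# merge_blocklist FILE: read addresses on stdin (one per line, in the
# indented form `pfctl -t <table> -T show` prints), merge them with what is
# already in FILE, drop comments, blank lines and anything that is not an
# IPv4/IPv6 address or CIDR prefix, sort uniquely, and rewrite FILE via a
# temp file so a crash mid-write cannot truncate it. Prints the entry count.
merge_blocklist() {
    file="$1"
    tmp="${file}.tmp.$$"
    {
        [ -f "$file" ] && cat "$file"
        cat
    } | sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
      | grep -E '^[0-9A-Fa-f:.]+(/[0-9]+)?$' \
      | LC_ALL=C sort -u > "$tmp" && mv "$tmp" "$file"
    wc -l < "$file" | tr -d ' '
}

# save_table: dump the live kernel table into the persistence file
# (intended to be run periodically from cron).
save_table() {
    pfctl -t "$TABLE" -T show | merge_blocklist "$BLOCKFILE"
}

# load_table: after a reboot or pf reload, make the kernel table match the
# file (the pf.conf "file" keyword does this at rule load as well).
load_table() {
    pfctl -t "$TABLE" -T replace -f "$BLOCKFILE"
}

case "${1:-}" in
    save) save_table ;;
    load) load_table ;;
esac
```

Two practical points the posts do not spell out: `pfctl -T show` indents each entry, which is why the script trims whitespace before comparing; and without the `persist` keyword pf drops a table that no rule currently references, so a file-backed table should normally carry both `persist` and `file`. Run with `save` from cron (e.g. every few minutes) and with `load` at boot if you reload tables outside of pf.conf.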
