sshguard pf
Charlie Root
root at ymer.thorshammare.org
Tue Nov 4 23:21:28 UTC 2014
On Tue, Nov 04, 2014 at 10:56:32PM +0100, Michael Ross wrote:
> On Tue, 04 Nov 2014 21:41:44 +0100, Lowell Gilbert
> <freebsd-questions-local at be-well.ilk.org> wrote:
>
> > Charlie Root <root at ymer.thorshammare.org> writes:
> >
> >> Do "bruteblock" require me to run ipfw2 as my firewall ?
> >
> > Yes. That's why I mentioned that there are several other options, I just
> > don't know them myself.
> >
> > Last I checked, bruteblock doesn't support IPv6 either, so one of these
> > days I may have to check into the choices again.
>
> For the record, I use fail2ban,
> and setting it up was painless, and it will support pf.
>
> Quick-How-To:
>
> 1. Install fail2ban
> 2. Create file /usr/local/etc/fail2ban/jail.local
>
> [sshd]
>
> enabled = true
> action = pf
> port = ssh
> logpath = %(sshd_log)s
>
>
> [sshd-ddos]
>
> enabled = true
> action = pf
> port = ssh
> logpath = %(sshd_log)s
>
>
> 3. Modify /usr/local/etc/fail2ban/action.d/pf.conf
> You need the correct path to pfctl in "actionban" and "actionunban"
> and the correct tablename in the [Init] section at the end.
>
> 4. service fail2ban onestart
>
>
Thanks a lot everybody. Lots of good advice. Preciate all the help.
Think I will give fail2ban another try with the above configuration.
I've been running ossec-hids a while ago with great success, but feel like
that's shooting mosquitos with a cannon in this case.
/hasse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20141105/9d4c6e5a/attachment.sig>
More information about the freebsd-questions
mailing list