On 08/22/2009 10:57 PM Peter Maxwell wrote:
> 2009/8/23 Len Conrad <[email protected]>:
>> I'm looking for something like bruteblock that logwatches (smtp, ssh, ftp,
>> whatever) and inserts/removes TCP block rules into pf for x hours, so the
>> protocol daemons are involved.
> ...
> Before implementing something like this, I would urge caution: if what
> you're asking was actually of any use, someone else would probably
> have done it properly. I can't imagine how log entries from an ftp
> server, say, are going to be related to your smtp server security? If
> it's simple connection management, then
> max-src-conn/max-src-conn-rate might be a more robust solution.
http://johan.fredin.info/openbsd/block_ssh_bruteforce.html explains how
to use max-src-conn-rate and expiretable.
# pkg_info -x expiretable
Information for expiretable-0.6:
Comment:
Utility to remove entries from the pf(4) table based on their age
Description:
Expiretable is a utility used to remove entries from the pf(4) table
based on their age.
The age in question being the amount of time that has passed since
the statistics for each entry in the target table was last cleared.
WWW: http://expiretable.fnord.se/
Ron
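An added example of the approach Ron points to, not from the thread or the linked page: a pf.conf fragment that rate-limits new SSH connections per source address, overloads offenders into a table, and ages the table with expiretable. The interface name, the thresholds and the 24h age are assumptions.

```pf
# Added example (not from the thread): per-source SSH rate limiting in pf
# with an overload table, aged out by expiretable. $ext_if, the thresholds
# and the 24h age are assumed values.
ext_if = "em0"

# Table that accumulates offending sources; persist keeps it across reloads.
table <bruteforce> persist

# Offenders are dropped outright; quick stops rule evaluation here.
block in quick on $ext_if from <bruteforce>

# Allow SSH, but if one source opens more than 3 new connections in 30 s
# (or holds more than 10 at once), add it to <bruteforce> and tear down
# every state it already has (flush global).
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 3/30, \
     overload <bruteforce> flush global)

# Without expiry the table only grows. expiretable removes entries whose
# statistics were last cleared more than 24h ago; run it as a daemon from
# rc.local (command line per expiretable's usage text, assumed here):
#   expiretable -v -d -t 24h bruteforce
# Inspect what is currently blocked with:
#   pfctl -t bruteforce -T show
```

One caveat: max-src-conn-rate counts per source address, so a NAT gateway fronting many legitimate users can trip it; that is a second reason to keep the expiry period short and to watch the table.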