>On 08/22/2009 10:57 PM Peter Maxwell wrote:
>>2009/8/23 Len Conrad <[email protected]>:
>>>I'm looking for something like bruteblock that logwatches (smtp, ssh, ftp,
>>>whatever) and inserts/removes TCP block rules into pf for x hours, so the
>>>protocol daemons are involved.
>...
>>Before implementing something like this, I would urge caution: if what
>>you're asking was actually of any use, someone else would probably
>>have done it properly. I can't imagine how log entries from an ftp
>>server, say, are going to be related to your smtp server security? If
>>it's a simple connection management, then
>>max-src-conn/max-src-conn-rate might be a more robust solution.
>
>http://johan.fredin.info/openbsd/block_ssh_bruteforce.html explains how to use
>max-src-conn-rate and expiretable.
>
># pkg_info -x expiretable
>Information for expiretable-0.6:
>
>Comment:
>Utility to remove entries from the pf(4) table based on their age
>
>Description:
>Expiretable is a utility used to remove entries from the pf(4) table
>based on their age.
>
>The age in question being the amount of time that has passed since
>the statistics for each entry in the target table was last cleared.
>
>WWW: http://expiretable.fnord.se/
I have no problem putting IPs into pf, it's expiring them that was blocking me, but expiretable fixes that. I don't use pf for protecting these "sacrificial" machines generally, only for reactive blocking.

thanks

Len
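The max-src-conn-rate plus expiretable combination the thread points at, written out as an added example (not from the thread, the linked page, or the expiretable project); the interface name, the table name, the thresholds and the 24h expiry are assumptions to tune per host:

```pf
# Assumed external interface; adjust for the host.
ext_if = "em0"

# Table that pf fills automatically via the overload option below.
# "persist" keeps the table (and its entries) across rule reloads.
table <bruteforce> persist

# Anything already in the table is dropped before the pass rules run,
# which is the "reactive blocking" this thread is about.
block in quick on $ext_if from <bruteforce>

# Let SSH in, but track each source: more than 5 new connections in
# 30 seconds (or more than 10 open at once, assumed thresholds) adds the
# source to <bruteforce>; "flush global" also kills its existing states.
pass in on $ext_if proto tcp to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)

# Expiry is handled outside pf.conf by expiretable, which (per its own
# description above) ages entries by the time since their stats were last
# cleared. An assumed root crontab line to remove entries older than a day:
#
#   */10 * * * *  /usr/local/sbin/expiretable -t 24h bruteforce
```

Check the table at any time with `pfctl -t bruteforce -T show`; if a legitimate host trips the rate, `pfctl -t bruteforce -T delete <address>` removes it without waiting for expiry.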
