Edwin D. Vinas wrote:
> hello,
>
> shown below is snapshot of too many illegal
> attempts to login to my server from a suspicious
> hacker. this is taken from the "/var/log/auth.log".
> my question is, how do i automatically block an
> IP address if it is attempting to guess my login
> usernames? can i configure the firewall to check
> the instances a certain IP has

My solution is not foolproof, but appears to be good enough to stop
these bulk attacks on my server. I use a combination of firewall &
alternative sshd port.

For example, in /etc/rc.conf, I have:

   sshd_enable="YES"
   sshd_flags="-p 22 -p 1234"

(for 1234, choose whatever alternative port number you prefer)

Then add two tcp rules to your firewall:

   ipfw add allow log tcp from 55.44.33.22/11 to \
       ${oip} ssh in via ${oif} setup
   ipfw add allow log tcp from any to ${oip} 1234 \
       in via ${oif} setup

where "55.44.33.22/11" represents your, more or less, trusted nearby
network, ${oip} your outbound IP and ${oif} your outbound interface
(e.g. rl0). I suppose you're familiar enough with firewall rules.

These firewall rules allow 'regular' ssh connections only from within
your nearby network; all other parties must connect over the alternative
port number, 1234 in this example.

Regards,
Rob.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
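
An added example, not part of the original message or of any FreeBSD tool: one way to answer the quoted question on top of the rules above, by counting failed sshd passwords per source address in an auth.log-style file and printing ipfw deny rules for review. The log lines, THRESHOLD and RULE_NUM are assumptions made for the illustration; ${oip} and ${oif} are printed literally, as in the rules above.

```sh
#!/bin/sh
# Added example. Log lines are constructed; addresses are documentation ranges.
THRESHOLD=3    # assumption: failed attempts before an address is listed
RULE_NUM=500   # assumption: a rule number below that of the two allow rules
ALT_PORT=1234  # alternative sshd port from the message above

sample_log() {
cat <<'EOF'
Mar  1 03:12:01 host sshd[4101]: Failed password for illegal user admin from 203.0.113.7 port 40112 ssh2
Mar  1 03:12:03 host sshd[4103]: Failed password for illegal user test from 203.0.113.7 port 40115 ssh2
Mar  1 03:12:05 host sshd[4105]: Failed password for root from 203.0.113.7 port 40119 ssh2
Mar  1 03:12:09 host sshd[4109]: Failed password for illegal user x from 198.51.100.4 from 203.0.113.7 port 40125 ssh2
Mar  1 08:30:44 host sshd[4200]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Mar  1 08:30:50 host sshd[4200]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
EOF
}

# Print "count ip" for each source with at least $2 failed passwords in file $1.
# The address is read after the LAST "from": the user name is client-supplied
# text and may itself contain " from <address>" (see the 4th sample line).
offenders() {
    awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") {
                    if ($(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                        hits[$(i + 1)]++
                    break
                }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -rn
}

# Print (do not apply) one deny rule per offender, covering both sshd ports.
deny_rules() {
    offenders "$1" "$THRESHOLD" | while read -r count ip; do
        printf 'ipfw add %s deny log tcp from %s to ${oip} 22,%s in via ${oif}\n' \
            "$RULE_NUM" "$ip" "$ALT_PORT"
    done
}

tmp=$(mktemp)
sample_log > "$tmp"
deny_rules "$tmp"
rm -f "$tmp"
```

The rules are only printed, so an address inside the trusted network can be removed by hand before anything is loaded into the firewall.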