Andy Greenwood wrote:
> On 2/13/07, Zbigniew Szalbot <[EMAIL PROTECTED]> wrote:
>> Hello,
>>
>> Peter N. M. Hansteen wrote:
>> > You can head them off rather easily with a short PF rule set, see
>> > e.g. http://home.nuug.no/~peter/pf/en/bruteforce.html.
>> >
>> > They can actually be fun to watch :)
>>
>> It was funny for me because I set the max con rule to 10 and then logged
>> in 10 times to see if that would work. Of course it did (silly me!) and
>> as a result I blocked my own access to the machine. I logged in from
>> another IP and commented out the pf.conf file entries for the bruteforce
>> but wonder how to empty the table (so that it does not contain my IP) and
>> enable the bruteforce defence again.
> 
> man pfctl. Specifically the -T switch.

Also, have a look at security/expiretable. You can automagically remove
entries from tables after a specified time. It is mentioned in the article
linked above [1].

HTH,

Karol

[1] http://home.nuug.no/~peter/pf/en/bruteforce.html

-- 
Karol Kwiatkowski   <karol.kwiat at gmail dot com>
OpenPGP 0x06E09309
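
The table operations the thread points to, as an added example that is not part of the original messages: a shell function that removes a single address from a PF table with `pfctl -T`, so the other blocked hosts stay blocked. The function name `unblock_addr`, the table name `bruteforce` and the address 192.0.2.10 are assumptions; the thread does not name the table.

```shell
#!/bin/sh
# Added example: remove one address from a PF overload table without
# flushing the remaining entries. Table name and address are assumptions.

# unblock_addr TABLE ADDR
# Returns 0 if ADDR was removed, 1 if it was not in the table,
# 2 on a usage error, a rejected address, or a failed delete.
unblock_addr() {
    [ $# -eq 2 ] || { echo "usage: unblock_addr TABLE ADDR" >&2; return 2; }
    table=$1 addr=$2

    # Accept only characters found in an IPv4/IPv6 literal. This rejects
    # /prefix lengths and most hostnames, which pfctl would otherwise
    # expand or resolve and possibly remove more than intended.
    case $addr in
        ''|*[!0-9A-Fa-f.:]*) echo "bad address: $addr" >&2; return 2 ;;
    esac

    # -T test exits non-zero when the address does not match the table.
    if ! pfctl -t "$table" -T test "$addr" >/dev/null 2>&1; then
        echo "$addr is not in <$table>" >&2
        return 1
    fi

    pfctl -t "$table" -T delete "$addr" >/dev/null 2>&1 || return 2
    echo "removed $addr from <$table>"
}

# Usage (as root):
#   unblock_addr bruteforce 192.0.2.10
#   pfctl -t bruteforce -T show     # list what is still blocked
#   pfctl -t bruteforce -T flush    # empty the whole table instead
```

Run it before re-enabling the commented-out pf.conf entries, so the reloaded rule set does not block the address again from the table's old contents.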
