Marian Hettwer said the following on 02/17/06 00:39:
Atanas wrote:
Last year I already had to decrease the LoginGraceTime from 120 to 30
seconds on my production boxes, but it didn't help much, so on top of
that I got to implement (reinvent the wheel again) a script tailing the
auth.log and firewalling bad guys in order to secure sshd and let my
legitimate users in.

You could get rid of parsing auth.log and everything and just use pf(4)
instead.

Look at that:
# sshspammer table
table <sshspammer> persist
block log quick from <sshspammer>

# sshspammer
# more than 6 ssh attempts in 15 seconds will be blocked ;)
# ($ext_if and $tcp_flags are macros defined earlier in pf.conf)
pass in quick on $ext_if proto tcp to ($ext_if) port ssh $tcp_flags (max-src-conn 10, max-src-conn-rate 6/15, overload <sshspammer> flush global)
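
As an added illustration (not code from the thread or from pf itself), the Python below replays constructed connection events through an approximation of the two limits in the rule above, max-src-conn 10 and max-src-conn-rate 6/15, so you can see which sources land in the <sshspammer> table. It models pf's moving-average rate check as a sliding window over new-connection timestamps, which is an assumption about pf's exact accounting; the addresses and timings are constructed samples.

```python
from collections import defaultdict, deque

# Thresholds from the pf rule quoted in the thread.
MAX_SRC_CONN = 10              # max-src-conn 10: concurrent states per source
RATE_CONNS, RATE_SECS = 6, 15  # max-src-conn-rate 6/15

def simulate(events, max_src_conn=MAX_SRC_CONN,
             rate_conns=RATE_CONNS, rate_secs=RATE_SECS):
    """Replay (time, src, action) events, action 'open' (new TCP state) or
    'close'.  Returns (verdicts, sshspammer): verdicts maps src -> list of
    (time, 'pass'|'overload'|'blocked') per open; sshspammer maps src -> time
    it was added to the overload table.  Sliding window approximates pf."""
    recent = defaultdict(deque)      # src -> open times inside the rate window
    open_states = defaultdict(int)   # src -> currently open states
    sshspammer = {}                  # the <sshspammer> table
    verdicts = defaultdict(list)
    for t, src, action in sorted(events):
        if action == 'close':
            open_states[src] = max(0, open_states[src] - 1)
            continue
        if src in sshspammer:        # block log quick from <sshspammer>
            verdicts[src].append((t, 'blocked'))
            continue
        window = recent[src]
        while window and t - window[0] > rate_secs:   # slide the window
            window.popleft()
        window.append(t)
        open_states[src] += 1
        if len(window) > rate_conns or open_states[src] > max_src_conn:
            sshspammer[src] = t      # overload <sshspammer>
            open_states[src] = 0     # flush global: kill all states from src
            verdicts[src].append((t, 'overload'))
        else:
            verdicts[src].append((t, 'pass'))
    return dict(verdicts), sshspammer

def constructed_events():
    """Constructed sample traffic (RFC 5737 addresses), not captured data."""
    ev = []
    for t in range(8):         # brute-forcer: one new connection per second
        ev += [(t, '192.0.2.10', 'open'), (t + 0.5, '192.0.2.10', 'close')]
    for t in range(0, 31, 3):  # slow scanner: one connection every 3 seconds
        ev += [(t, '203.0.113.9', 'open'), (t + 0.5, '203.0.113.9', 'close')]
    ev += [(2, '198.51.100.7', 'open'), (300, '198.51.100.7', 'close')]  # legit
    return ev

if __name__ == '__main__':
    verdicts, table = simulate(constructed_events())
    for src, vs in verdicts.items():
        print(src, [v for _, v in vs], 'in table' if src in table else '')
```

The slow scanner never exceeds six new connections per 15 seconds and so is never overloaded, which is the trade-off to keep in mind when choosing the rate; the table can be inspected and expired with pfctl -t sshspammer -T show / -T expire.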

Thanks for the suggestion! The pf in 5.x/6.x base and especially its rate-limit capability seems to be a good reason to upgrade my existing 4.x based boxes before RELENG_4's EoL.

Regards,
Atanas
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable