We use Fail2Ban with pfSense with a custom PHP script (on the firewall) that adds the appropriate firewall rules. We have fail2ban set up with multiple levels - so the action to ban in pfSense only happens after several attempts at other services on one machine. That way we can assume the ban should be permanent.

Talk about a real API has come up before, but last time I looked into it, the current authentication system would make it very difficult.

- Y

On Thu, Oct 10, 2013 at 3:01 AM, Aristedes Maniatis <[email protected]> wrote:
> We get a lot of attempts to guess weak ftp passwords on our servers. A
> tool which we've used before (and is really nice) is fail2ban. In response
> to a certain type or number of failed attempts, it can run a script (for
> example, to load a firewall rule blocking that user).
>
> However, we'd ideally like to add those rules at the firewall rather than
> the individual ftp servers. Has anyone attempted something similar?
> Ideally, an API in pfSense which allowed us to send through ip addresses to
> add to a list. They would be added to a deny table and purged after some
> period of time.
>
> Does this sound useful? Has anyone managed a similar problem?
>
> Ari
>
> --
> -------------------------->
> Aristedes Maniatis
> ish
> http://www.ish.com.au
> Level 1, 30 Wilson Street Newtown 2042 Australia
> phone +61 2 9550 5001 fax +61 2 9550 4001
> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
>
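The escalation both messages describe (local fail2ban bans first, a firewall-level deny entry only for repeat offenders, entries purged after a period) can be sketched as follows. This is an added example, not code from either poster and not the PHP script mentioned above; it never contacts pfSense. The log lines are constructed, and the threshold, `findtime` and `bantime` values are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of fail2ban.log lines (addresses from documentation ranges).
SAMPLE_LOG = """\
2013-10-10 03:01:22,101 fail2ban.actions: WARNING [vsftpd] Ban 203.0.113.5
2013-10-10 03:20:10,480 fail2ban.actions: WARNING [ssh] Ban 203.0.113.5
2013-10-10 03:25:41,007 fail2ban.actions: WARNING [vsftpd] Ban 198.51.100.9
2013-10-10 03:40:02,316 fail2ban.actions: WARNING [vsftpd] Unban 203.0.113.5
2013-10-10 04:05:55,912 fail2ban.actions: WARNING [postfix] Ban 203.0.113.5
2013-10-12 09:00:00,000 fail2ban.actions: WARNING [vsftpd] Ban 198.51.100.9
"""

# Matches only "Ban" events; "Unban" lines do not contain "] Ban ".
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ .*\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)$"
)

def parse_bans(log_text):
    """Yield (timestamp, jail, ip) for each per-service ban in the log."""
    for line in log_text.splitlines():
        m = BAN_RE.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["jail"], m["ip"]

def escalate(bans, threshold=3, findtime=timedelta(hours=24), bantime=timedelta(days=7)):
    """Return {ip: expiry} for addresses banned `threshold` times within `findtime`.

    All three parameters are assumed values, not settings taken from the thread.
    """
    recent, deny = {}, {}
    for ts, _jail, ip in sorted(bans):
        # Keep only this address's bans that still fall inside the window.
        window = [t for t in recent.get(ip, []) if ts - t <= findtime] + [ts]
        recent[ip] = window
        if len(window) >= threshold:
            deny[ip] = ts + bantime  # a further ban extends the expiry
    return deny

def purge(deny, now):
    """Drop expired entries, as a time-limited firewall deny table would."""
    return {ip: exp for ip, exp in deny.items() if exp > now}

if __name__ == "__main__":
    table = escalate(parse_bans(SAMPLE_LOG))
    for ip, expiry in table.items():
        print(f"deny {ip} until {expiry}")
```

Counting bans across jails, not raw failed logins, keeps a single mistyped password from ever reaching the firewall-level list.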
