Hello
I have configured sshlockout. But it doesn't work properly.
Here is auth log:
root@openbsd-gw:~ # cat /var/log/authlog | grep sshlockout
Dec 4 06:37:54 openbsd-gw sshlockout[27074]: Detected ssh preauth attempt for
an invalid user, locking out 59.63.166.104
Dec 4 07:40:16 openbsd-gw sshlockout[27074]: Detected ssh login attempt for an
invalid user, locking out 5.188.10.176
Dec 4 07:46:34 openbsd-gw sshlockout[27074]: Detected ssh login attempt for an
invalid user, locking out 185.190.58.108
But table in pf is empty:
root@openbsd-gw:~ # pfctl -t lockout -T show
Some info:
root@openbsd-gw:~ # uname -sr
OpenBSD 6.2
root@openbsd-gw:~ # syspatch -l
001_tcb_invalid
002_fktrace
root@openbsd-gw:~ # pkg_info sshlockout-0.20170726
Information for inst:sshlockout-0.20170726
root@openbsd-gw:~ # ps -aux | grep sshlockout
_syslogd 62152 0.0 0.2 308 1188 ?? Ip 8:31AM 0:00.01
/usr/local/sbin/sshlockout -pf lockout
root@openbsd-gw:~ # cat /etc/syslog.conf | grep sshlockout
auth.info;authpriv.info |exec
/usr/local/sbin/sshlockout -pf lockout
root@openbsd-gw:~ # cat /etc/pf.conf
table <lockout> persist { }
set block-policy drop
set skip on lo
match in all scrub (no-df random-id)
block in all
block in quick from <lockout>
pass in on egress inet proto icmp from any to egress
pass in on egress inet proto tcp from any to egress port { ssh www }
pass out quick inet
Thanks for any help
