On Mon, Nov 26, 2007 at 06:56:51PM -0800, badeguruji wrote:
> I just discovered by chance that someone is
> constantly trying to break into my openbsd box from:
>
> My box is behind a router-NAT which is allowing ssh.
Try something like this; it drops ssh connections from IPs that try more
than 5 times per minute:
# Interface macros are not in the original snippet; these are example
# values, substitute your own external and LAN interfaces.
ext_if = "em0"
lan_if = "em1"

# Offenders are collected here; "persist" keeps the table even when no
# loaded rule refers to it.
table <ssh_scanners> persist
set block-policy drop
block all
block return in log on $lan_if
block return out log on $lan_if
block return out log on $ext_if
# Allow ssh in with per-source tracking: more than 5 new connections
# within 60 seconds puts the source address into <ssh_scanners>.
pass in log on $ext_if inet proto tcp from any port > 1023 \
    to $ext_if port ssh modulate state \
    (max-src-conn-rate 5/60, overload <ssh_scanners>)
# pf is last-match-wins, so this later rule overrides the pass above
# for any address already in the table.
block in log on $ext_if inet proto tcp from <ssh_scanners> to $ext_if port ssh
--
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
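Added illustration, not part of Craig's message and not OpenBSD code: a small Python model of what "max-src-conn-rate 5/60, overload <ssh_scanners>" plus the trailing block rule does to a stream of connection attempts. pf.conf(5) describes the rate as "an approximation calculated as a moving average"; the decaying counter below follows my reading of pf_add_threshold()/pf_check_threshold() in sys/net/pf.c and is a model for reasoning about the rule, not the kernel's exact code. The addresses, timestamps and the SAMPLE list are constructed test data; class and function names are my own.

```python
"""Model of pf's "max-src-conn-rate 5/60, overload <ssh_scanners>" accounting.

Added example, not the poster's pf.conf and not OpenBSD source.  The decay
mirrors my reading of pf_add_threshold()/pf_check_threshold() in
sys/net/pf.c; pf.conf(5) itself only promises "an approximation calculated
as a moving average".  All addresses and times are constructed sample data.
"""
from dataclasses import dataclass, field

MULT = 1000  # fixed-point scale (PF_THRESHOLD_MULT) so the decay is integer math


@dataclass
class SourceNode:
    """Per-source tracking state pf keeps for a rule with source tracking."""
    count: int = 0   # scaled connection counter, decays as time passes
    last: int = 0    # time of the last counted connection


@dataclass
class SshRateLimit:
    limit: int = 5        # max-src-conn-rate <limit>/<seconds>
    seconds: int = 60
    nodes: dict = field(default_factory=dict)      # source address -> SourceNode
    scanners: dict = field(default_factory=dict)   # <ssh_scanners>: address -> time added

    def connect(self, src: str, now: int) -> str:
        """Outcome for one new TCP connection from src at time now.

        "blocked"  : src is already in <ssh_scanners>, the later block rule wins
        "overload" : this connection tips the rate; src is added to the table
                     (pf also kills that state)
        "pass"     : connection allowed
        """
        if src in self.scanners:
            return "blocked"
        node = self.nodes.setdefault(src, SourceNode(last=now))
        diff = now - node.last
        if diff >= self.seconds:
            node.count = 0                                   # a full interval passed
        else:
            node.count -= node.count * diff // self.seconds  # linear decay of the old count
        node.count += MULT
        node.last = now
        if node.count > self.limit * MULT:
            self.scanners[src] = now                         # overload <ssh_scanners>
            return "overload"
        return "pass"

    def expire(self, now: int, age: int) -> list:
        """Like 'pfctl -t ssh_scanners -T expire <age>': drop entries older than age seconds."""
        old = sorted(s for s, added in self.scanners.items() if now - added > age)
        for s in old:
            del self.scanners[s]
        return old


def replay(events):
    """Run constructed (time, src) connection attempts; return the firewall and per-event verdicts."""
    fw = SshRateLimit()
    return fw, [(t, src, fw.connect(src, t)) for t, src in events]


# Constructed sample: a burst scanner (6 connections in one second, then one more)
# and a slow client that connects exactly every 10 seconds for a minute.
SAMPLE = [(0, "192.0.2.10")] * 6 + [(1, "192.0.2.10")] + \
         [(t, "198.51.100.7") for t in range(0, 61, 10)]

if __name__ == "__main__":
    fw, results = replay(SAMPLE)
    for t, src, verdict in results:
        print(f"t={t:3d} {src:14s} {verdict}")
    print("table <ssh_scanners>:", sorted(fw.scanners))
```

The burst host is admitted five times, tripped on the sixth and dropped by the table afterwards, while the evenly paced host makes seven connections inside a minute without ever tripping the counter, because the moving-average decay forgives spread-out attempts; "5 times per minute" is therefore a ceiling on bursts rather than an exact quota. In the real ruleset nothing removes table entries on its own, so a periodic `pfctl -t ssh_scanners -T expire 86400` (modelled by expire() above) is the usual way to let them age out, and adding `flush global` to the state options also kills an offender's existing states instead of only its new ones.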