>At the end of a "pass" rule in pf.conf, the author adds:
>
> max-src-conn 3, max-src-conn-rate 2/5, overload flush global
>
>which means:
>
> "any source can only have a total of three connections,
> and they may not create them at a rate faster than two
> every five minutes. If
Cool!
On Sat, May 5, 2018 at 3:17 AM Andreas Kusalananda Kähäri <
andreas.kah...@icm.uu.se> wrote:
> On Fri, May 04, 2018 at 11:56:33PM +, Kapfhammer, Stefan wrote:
> >
> > You might want to parse /var/log/authlog and the logrotated
> authlog.[0-9].gz
> > for successful and unsuccessful
On 05/05/18 01:56, Kapfhammer, Stefan wrote:
>
> You might want to parse /var/log/authlog and the logrotated authlog.[0-9].gz
> for successful and unsuccessful logins and then add the unsuccessful logins
> with pfctl to a blocked table. To have it permanent after a reboot you can
> write
> with
On 2018-05-04, Kapfhammer, Stefan wrote:
>
> You might want to parse /var/log/authlog and the logrotated authlog.[0-9].gz
This wheel has been invented several times, if someone wants to make
their own they should study revisions to past designs as there have
been some nasty
On 04/05/18 23:16, Luke Small wrote:
Can SSH and possibly other programs be more easily able to report successful
connections so pf can make stricter bruteforce connection rejecting even
better?
See this paper, that might contain what you're trying to achieve:
On Fri, May 04, 2018 at 11:56:33PM +, Kapfhammer, Stefan wrote:
>
> You might want to parse /var/log/authlog and the logrotated authlog.[0-9].gz
> for successful and unsuccessful logins and then add the unsuccessful logins
> with pfctl to a blocked table. To have it permanent after a reboot
If you want to open the gate for those who authenticated using ssh, you may
need authpf(8) (known as Authentication Gateway)
https://www.openbsd.org/faq/pf/authpf.html
g 5 May 2018 00:16
To: openbsd-misc
Subject: Can SSH report successful connections to pf?
Can SSH and possibly other programs be more easily able to report successful
connections so pf can make stricter bruteforce connection rejecting even
better?
On 05/05/18 00:16, Luke Small wrote:
> Can SSH and possibly other programs be more easily able to report successful
> connections so pf can make stricter bruteforce connection rejecting even
> better?
>
Hi,
could be just me but I didn't get what you want to achieve really.
Could you be more
Can SSH and possibly other programs be more easily able to report successful
connections so pf can make stricter bruteforce connection rejecting even
better?