Re: Can SSH report successful connections to pf?

2018-05-11 Thread Lampshade
>At the end of a "pass" rule in pf.conf, the author adds: > > max-src-conn 3, max-src-conn-rate 2/5, overload flush global > >which means: > > "any source can only have a total of three connections, > and they may not create them at a rate faster than two > every five minutes. If

Re: Can SSH report successful connections to pf?

2018-05-05 Thread Luke Small
Cool! On Sat, May 5, 2018 at 3:17 AM Andreas Kusalananda Kähäri < andreas.kah...@icm.uu.se> wrote: > On Fri, May 04, 2018 at 11:56:33PM +, Kapfhammer, Stefan wrote: > > > > You might want to parse /var/log/authlog and the logrotated > authlog.[0-9].gz > > for successful and unsuccessful

Re: Can SSH report successful connections to pf?

2018-05-05 Thread Peter N. M. Hansteen
On 05/05/18 01:56, Kapfhammer, Stefan wrote: > > You might want to parse /var/log/authlog and the logrotated authlog.[0-9].gz > for successful and unsuccessful logins and then add the unsuccessful logins > with pfctl to a blocked table. To have it permanent after a reboot you can > write > with

Re: Can SSH report successful connections to pf?

2018-05-05 Thread Stuart Henderson
On 2018-05-04, Kapfhammer, Stefan wrote: > > You might want to parse /var/log/authlog and the logrotated authlog.[0-9].gz This wheel has been invented several times, if someone wants to make their own they should study revisions to past designs as there have been some nasty

Re: Can SSH report successful connections to pf?

2018-05-05 Thread Etienne
On 04/05/18 23:16, Luke Small wrote: Can SSH and possibly other programs be more easily able to report successful connections so pf can make stricter bruteforce connection rejecting even better? See this paper, that might contain what you're trying to achieve:

Re: Can SSH report successful connections to pf?

2018-05-05 Thread Andreas Kusalananda Kähäri
On Fri, May 04, 2018 at 11:56:33PM +, Kapfhammer, Stefan wrote: > > You might want to parse /var/log/authlog and the logrotated authlog.[0-9].gz > for successful and unsuccessful logins and then add the unsuccessful logins > with pfctl to a blocked table. To have it permanent after a reboot

Re: Can SSH report successful connections to pf?

2018-05-04 Thread IL Ka
If you want to open gate for those, who authenticated using ssh, you may need authpf(8) (known as Authentication Gateway) https://www.openbsd.org/faq/pf/authpf.html

Re: Can SSH report successful connections to pf?

2018-05-04 Thread Kapfhammer, Stefan
g 5 May 2018 00:16 To: openbsd-misc Subject: Can SSH report successful connections to pf? Can SSH and possibly other programs be more easily able to report successful connections so pf can make stricter bruteforce connection rejecting even better?

Re: Can SSH report successful connections to pf?

2018-05-04 Thread Tony Boston
On 05/05/18 00:16, Luke Small wrote: > Can SSH and possibly other programs be more easily able to report successful > connections so pf can make stricter bruteforce connection rejecting even > better? > Hi, could be just me but I didn't get what you want to achieve really. Could you be more

Can SSH report successful connections to pf?

2018-05-04 Thread Luke Small
Can SSH and possibly other programs be more easily able to report successful connections so pf can make stricter bruteforce connection rejecting even better?