Hi all- I'm a newbie to this list, OpenBSD, pf, and firewalls so go easy on me. :)
I'm sure you've noticed the script-kiddie attacks trying to guess the root password (among other users). Every so often one of them will tick me off enough that I block their IP at the firewall. Normally this works just fine, but in the past couple of days one IP still gets through (211.46.163.166) even though it's in my "bad_hosts" table.

Looking through the pf log I see many attempts are indeed blocked by the firewall. But some must get through because I get a few "Failed password for root from 211.46.163.166" on the hosts they are attacking. Now I don't know if this is a problem with my rules, pf, OpenBSD, or the alignment of the planets, but there must be a problem somewhere. If it matters, this is a transparent firewall plus an extra NIC for ssh access.

Anybody have any ideas? Also, if you have any comments about my pf rules, please share (but be gentle).

Thanks!
Joe
pf.conf.20041015