>>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a package
>>> like fail2ban out there which could automatically blacklist IPs after x
>> Request: It would be really nice if pfsense could limit the connection-rate
>> *per IP*.
> IIRC it is possible to set this per source-IP ;-)

Maybe I missed an option then?
How do you configure it?

> Why leave your ssh service exposed to the world?   Lock it down to a range
> of IPs (or subnet of your isp), or if you don't have static IPs try setting
> up openvpn.
> IMO it's best to expose as little as possible.

Sometimes you have to expose it.
I can't install OpenVPN on all PCs that I might need access to servers from,
and on emergency cellphone access to the servers it just might not be
possible.

Best compromise I've found so far has been to require certificates to log in
to the SSH server.
Hammering doesn't stop, but the risk of compromising the server is massively
reduced.
And with lockdown after X connection attempts in Y seconds, the risk is all
but gone.
(For the vast majority of servers at least ... maybe not if you run a bank
or some such)

Regards,
-Jeppe
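The two measures discussed in this thread (per-source-IP connection rate limiting and a lockdown after X attempts in Y seconds) map directly onto pf, which is what pfSense runs underneath. The fragment below is an added example, not configuration posted by Jeppe or shipped by pfSense; the interface name em0, the table name ssh_bruteforce and the limit of 5 new connections per 60 seconds are assumptions to be tuned for your environment.

```pf
# Added example (not from the original post): pf.conf fragment for a
# FreeBSD/pfSense-style firewall.
# Assumptions: external interface em0, table name ssh_bruteforce,
# limit of 5 new SSH connections per source IP per 60 seconds.
ext_if = "em0"

# Table holding flagged source addresses. "persist" keeps the table
# defined even while it is empty, so the block rule below always loads.
table <ssh_bruteforce> persist

# Anything from an address that has already tripped the limit is dropped
# before it reaches the SSH pass rule. Order matters: put this first.
block in quick on $ext_if from <ssh_bruteforce> to any

# Allow SSH to the firewall itself, but track new connections per source:
#   max-src-conn-rate 5/60  -> more than 5 new connections in 60 s from
#                              one IP triggers the overload action
#   overload <ssh_bruteforce> -> the offending source IP is added to the table
#   flush global            -> all of that IP's existing states, on every
#                              rule, are killed immediately
pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 \
    flags S/SA keep state \
    (max-src-conn-rate 5/60, overload <ssh_bruteforce> flush global)

# Entries never expire on their own. To unblock after an hour, run this
# from cron (root):
#   pfctl -t ssh_bruteforce -T expire 3600
# To inspect or clear the table by hand:
#   pfctl -t ssh_bruteforce -T show
#   pfctl -t ssh_bruteforce -T flush
```

In the pfSense web GUI the same thing is reached through a firewall rule's Advanced Options: the "Max. new connections / per second(s)" pair sets max-src-conn-rate, and sources that exceed it are placed in the built-in virusprot table, which pfSense blocks automatically. On the server side, the certificate-only login the post describes is enforced in sshd_config with `PasswordAuthentication no`, `PubkeyAuthentication yes` and `ChallengeResponseAuthentication no`; the rate limit then only reduces log noise and CPU spent on failed handshakes rather than being the thing standing between the attacker and a shell.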
