From: Jeppe Øland [mailto:[email protected]]
Sent: Tuesday, July 21, 2009 5:04 AM
To: [email protected]
Subject: Re: [pfSense Support] Anything like fail2ban for PFSense?
>>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a package
>>> like fail2ban out there which could automatically blacklist IPs after x
>> Request: It would be really nice if pfsense could limit the connection-rate
>> *per IP*.
> IIRC it is possible to set this per source-IP ;-)
Maybe I missed an option then?
How do you configure it?
> Why leave your ssh service exposed to the world? Lock it down to a range of
> ip's
> (or subnet of your isp), or if you don't have static ip's try setting up
> openvpn
> IMO its best to expose as little as possible.
Sometimes you have to expose it.
I can't install OpenVPN on all PCs that I might need access to servers from,
and on emergency cellphone access to the servers it just might not be possible.
Best compromise I've found so far has been to require certificates to log in to
the SSH server.
Hammering doesn't stop, but the risk of compromising the server is massively
reduced.
And with lockdown after X connection attempts in Y seconds, the risk is all but
gone.
(For the vast majority of servers at least ... maybe not if you run a bank or
some such)
Regards,
-Jeppe
What are good values to set?
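The "lock out a source after X new connections in Y seconds" behaviour discussed in this thread is what pf's `max-src-conn-rate` option with an `overload` table does. The rule set below is an added illustration, not code from the thread or from pfSense; the interface macro, the SSH port and the table name `sshbrute` are assumptions.

```pf
# Added example: pf rules that block a source IP after too many new SSH
# connections in a short window. Interface, port and table name are
# assumptions for illustration.
ext_if = "em0"

# Persistent table that collects the offending source addresses.
table <sshbrute> persist

# Drop all traffic from sources that have already been flagged.
block in quick on $ext_if from <sshbrute> to any

# Allow SSH, but track the new-connection rate per source IP:
# more than 5 new connections within 60 seconds adds the source to
# <sshbrute>; "flush global" also tears down that source's existing states.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 \
    keep state (max-src-conn-rate 5/60, overload <sshbrute> flush global)
```

Addresses stay in the table until removed, so a periodic `pfctl -t sshbrute -T expire 3600` ages out entries older than an hour. pfSense exposes the same `max-src-conn-rate` settings in a firewall rule's Advanced Options.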