Paul Cockings wrote:
> Jeppe Øland wrote:
>> >> Some of my pfsense boxes get a lot of SSH bruteforces; is there a package
>> >> like fail2ban out there which could automatically blacklist IPs after x bad
>> >> logins?
>> > b) limit the connection-rate to a preferred useful value in the filter-rules
>>
>> This works reasonably well.
>> Unfortunately, the entire rule gets locked down when the rate is
>> exceeded, so you may lock yourself out too. (It automatically unlocks
>> when the hammering stops and your rate interval expires, and most
>> hammer scripts move on to a new IP when it stops responding, so it's
>> not the end of the world.)
>>
>> Request: It would be really nice if pfsense could limit the
>> connection-rate *per IP*.
>>
>> Regards,
>> -Jeppe
> Why leave your ssh service exposed to the world? Lock it down to a
> range of IPs (or the subnet of your ISP), or if you don't have static
> IPs try setting up OpenVPN.
> IMO it's best to expose as little as possible.
>
> regards,
> Pc

From a practical standpoint, I harden ssh as best I can (disable v1 and use the AllowGroups directive to limit the number of available valid login ids). But you would be surprised at how effective changing the sshd port is.
Again, don't forget to harden sshd as best you can; changing the port should not be your only security measure. And aggressive log monitoring is a must.

Lyle Giese
LCR Computer Services, Inc.
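The per-source-address limiting Jeppe asks for is what stock pf(4) does when the max-src-conn-rate state option is combined with overload: pf keeps the connection-rate counter per source address, and only the source that exceeds it is added to the table, so the rule itself stays open for everyone else. The pf.conf fragment below is an added example, not from the original thread and not what pfSense's rule generator emits; the interface macro, table name and the 5-connections-per-30-seconds threshold are assumptions.

```pf
# Added example in stock pf.conf syntax (assumed names: $ext_if, <sshbrute>).
table <sshbrute> persist

# Drop everything from addresses already caught by the overload below.
# "quick" makes this match final, so it must come before the pass rule.
block in quick on $ext_if from <sshbrute>

# Allow SSH, but track each source address separately: more than 5 new
# connections within 30 seconds from one source adds that source to
# <sshbrute> and flushes its existing states (flush global).
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn-rate 5/30, overload <sshbrute> flush global)
```

Addresses placed in the table by overload never expire on their own; a periodic `pfctl -t sshbrute -T expire 86400` releases entries older than a day, and `pfctl -t sshbrute -T show` lists what is currently blocked. Because the counter is per source, your own address is only affected if you trip the threshold yourself, which is the lock-out Jeppe describes for the rule-wide variant.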
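As a worked form of the "aggressive log monitoring" Lyle recommends, here is a fail2ban-style threshold check over sshd's syslog lines, added here as an example and not part of the original thread. It counts "Failed password" lines per source address and emits the pfctl command that would add each offender to a table (printed rather than executed so it runs anywhere). The log lines are constructed for the example; the threshold, the table name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: a minimal fail2ban-style counter over sshd log lines.
# The log lines below are constructed; THRESHOLD and TABLE are assumptions.

THRESHOLD=2          # ban after this many failed logins from one address
TABLE=sshbrute       # assumed pf table name

# Constructed sample of /var/log/auth.log in OpenSSH's syslog format.
SAMPLE_LOG='Mar  3 10:15:01 fw sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 fw sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Mar  3 10:15:04 fw sshd[2107]: Accepted publickey for jeppe from 198.51.100.7 port 2200 ssh2
Mar  3 10:15:06 fw sshd[2110]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:09 fw sshd[2113]: Failed password for root from 203.0.113.9 port 40001 ssh2
Mar  3 10:15:11 fw sshd[2115]: Invalid user oracle from 203.0.113.9 port 40002
Mar  3 10:15:12 fw sshd[2116]: Failed password for invalid user oracle from 203.0.113.9 port 40002 ssh2
Mar  3 10:15:20 fw sshd[2120]: Failed password for jeppe from 198.51.100.7 port 2201 ssh2'

# offenders LOG THRESHOLD
# Prints "count ip", highest count first, for every source address with at
# least THRESHOLD "Failed password" lines. Only those lines are counted:
# an "Invalid user" line precedes the failure for the same attempt and
# would double count it.
offenders() {
    printf '%s\n' "$1" \
      | awk -v t="$2" '
          / sshd\[[0-9]+\]: Failed password for / {
              for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
          }
          END { for (ip in n) if (n[ip] >= t) print n[ip], ip }' \
      | sort -k1,1nr -k2,2
}

# ban_commands LOG THRESHOLD TABLE
# Turns the offender list into the pfctl commands that would add each
# address to the table. They are printed, not run.
ban_commands() {
    offenders "$1" "$2" | awk -v tbl="$3" '{ print "pfctl -t " tbl " -T add " $2 }'
}

ban_commands "$SAMPLE_LOG" "$THRESHOLD" "$TABLE"
```

Run against the real log, the output can be piped to `sh` from cron, with a matching `block in quick from <sshbrute>` rule in place and a periodic `pfctl -t sshbrute -T expire` so bans do not accumulate forever. The counter is per source address, which is the behaviour Jeppe asked for.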
