On Tue, Mar 9, 2010 at 2:45 AM, Jonas Trollvik <[email protected]> wrote:
>> As to blocking repeated login failures, there are such things.
> Doesn't pf have ip blacklisting based on certain rules built in?
in Free- and OpenBSD i use this:
TCP= "proto tcp"
SSA="flags S/SA"
MSF="modulate state"
,,,
table <sshlock> persist
...
pass in on $ext_if $TCP to $ext_addr port ssh $SSA label SSH-Limit \
$MSF (max-src-conn-rate 10/60, overload <sshlock> flush global)
block drop in log on $ext_if from <sshlock> to any label SSH-Lock
...
and then one can convince his cron to periodically flush that table.
IIRC, DragonFly's rather old PF implementation can not handle
max-src-conn-rate. It can handle max-src-states, tho. Go test it :-)
--
wbr, |\ _,,,---,,_ dog bless ya!
` Zzz /,`.-'`' -. ;-;;,_
McLone at GMail dot com |,4- ) )-,_. ,\ ( `'-'
net- and *BSD admin '---''(_/--' `-'\_) ...translit rawx!
