The IP address will be blocked from creating new SSH connections for 10 minutes if the IP failed to log in 3 times within 5 minutes.

I think it should be the requirement. I used to resolve this with a very simple Perl script; I named that script "stack.pl". tail and other commands can print the IP address from the log file, and the IP address is piped into stack.pl. stack.pl checks/maintains the mapping of TIME=>IP and calls a command to block the IP, and at that time I used a cronjob to remove the IP from iptables.

Regards,
Bill Yuan

On 21 January 2015 at 15:23, Matthew Dillon <[email protected]> wrote:

> It would be a bad idea to allow arbitrary commands to be executed. That
> opens up a whole slew of possible breakages and security issues. I don't
> mind there being options to add specifically to IPFW or PF (as long as PF
> is the default), and I don't mind there being an option to be able to
> specify the IPFW rule when in IPFW mode. But we should not get too fancy.
>
> I'm running the PF version on most of the production blades and my home
> machines now. It's a pretty good test because they usually accumulate
> ~20-30 different IPs a day or more. kronos has already locked out 9.
>
> -Matt
>
> On Tue, Jan 20, 2015 at 6:52 AM, bycn82 <[email protected]> wrote:
>
>> I recommend using this feature in ipfw because deleting the IP using
>> crontab does not sound good to me.
>>
>> Regards,
>> Bill Yuan
>>
>> On 19 January 2015 at 17:51, Michael Neumann <[email protected]> wrote:
>>
>>> On 18.01.2015 at 12:31, bycn82 wrote:
>>>
>>>> Hi,
>>>>
>>>> I just implemented a feature which can work nicely with your sshlockout.
>>>> You can manually insert a state as below and the state will be maintained
>>>> by ipfw itself.
>>>>
>>>>     ipfw state add rulenum 100 udp 192.168.1.1:0 8.8.8.8:53 expiry +600
>>>>
>>>> so you don't need to implement the logic to maintain the IP addresses or
>>>> configure any crontab to remove them.
>>>
>>> Cool!
>>>
>>> I think I will extend sshlockout so that it runs arbitrary commands.
>>>
>>> At the moment you run:
>>>
>>>     sshlockout lockout
>>>
>>> which would then be equal to:
>>>
>>>     sshlockout "pfctl -tlockout -Tadd %s"
>>>
>>> So it will work with ipfw:
>>>
>>>     sshlockout "ipfw state add rulenum 100 udp 192.168.1.1:0 %s:53 expiry +600"
>>>
>>> What do you think?
>>>
>>> Regards,
>>>
>>> Michael
>>>
>>>> Different states can have different expiry or "life time".
>>>>
>>>> Any comment?
>>>>
>>>> Regards,
>>>> Bill Yuan
>>>>
>>>> On 14 January 2015 at 02:25, Michael Neumann <[email protected]> wrote:
>>>>
>>>>     commit ed17c1722f7702eb6422f73152c0091819a1900f
>>>>     Author: Michael Neumann <[email protected]>
>>>>     Date:   Tue Jan 13 13:04:29 2015 +0100
>>>>
>>>>         sshlockout - use a PF table instead of IPFW
>>>>
>>>>     Summary of changes:
>>>>      usr.sbin/sshlockout/sshlockout.8 | 27 +++++++++++-------
>>>>      usr.sbin/sshlockout/sshlockout.c | 59 +++++++++++++++++++++++++++-------------
>>>>      2 files changed, 57 insertions(+), 29 deletions(-)
>>>>
>>>>     http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ed17c1722f7702eb6422f73152c0091819a1900f
>>>>
>>>>     --
>>>>     DragonFly BSD source repository
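An added example, written for this page and not taken from sshlockout or from the stack.pl script described above, of the policy stated at the top of the message (3 failed logins within 5 minutes block the address for 10 minutes) driven by sshd log lines the way `tail | script` would feed them. The block is issued in the pf table form quoted in Michael's reply, but built as an argv list so the address is never part of a shell command string. Assumptions: classic syslog-format sshd lines with a hostname field and no year (2015 is filled in), a pf table named `lockout`, and a constructed sample log; every name below (`Lockout`, `process`, `table_argv`, `parse_failed_login`) is hypothetical.

```python
import ipaddress
import re
import subprocess
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_LIMIT = 3                       # failures ...
FAIL_WINDOW = timedelta(minutes=5)   # ... within this window trigger a block
BLOCK_FOR = timedelta(minutes=10)    # how long a block lasts
PF_TABLE = "lockout"                 # pf table name from the thread's pfctl example
LOG_YEAR = 2015                      # assumption: syslog timestamps carry no year

# sshd "Failed password" lines in syslog format; the hostname field is assumed.
FAILED_RE = re.compile(
    r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
Jan 21 15:00:01 kronos sshd[4021]: Failed password for root from 203.0.113.5 port 50122 ssh2
Jan 21 15:01:10 kronos sshd[4025]: Failed password for invalid user admin from 198.51.100.7 port 40311 ssh2
Jan 21 15:02:30 kronos sshd[4031]: Failed password for root from 203.0.113.5 port 50130 ssh2
Jan 21 15:03:00 kronos sshd[4033]: Failed password for invalid user test from 198.51.100.7 port 40320 ssh2
Jan 21 15:03:45 kronos sshd[4038]: Failed password for root from 203.0.113.5 port 50141 ssh2
Jan 21 15:04:02 kronos sshd[4040]: Accepted publickey for bill from 192.0.2.9 port 2222 ssh2
Jan 21 15:05:00 kronos sshd[4044]: Failed password for root from 203.0.113.5 port 50150 ssh2
Jan 21 15:07:00 kronos sshd[4049]: Failed password for invalid user test from 198.51.100.7 port 40333 ssh2
Jan 21 15:20:00 kronos sshd[4060]: Failed password for root from 203.0.113.5 port 50201 ssh2
""".splitlines()


def parse_failed_login(line, year=LOG_YEAR):
    """Return (timestamp, ip) for a failed-login line, else None.
    Only a literal IP address is accepted; anything else in that field is dropped."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(2))
    except ValueError:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
    return ts, ip


class Lockout:
    """Recent failures per IP plus the expiry time of every active block."""

    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> failure timestamps inside the window
        self.blocked = {}                    # ip -> datetime the block lapses

    def offer(self, ts, ip):
        """Record one failure; return True exactly when ip crosses the threshold."""
        if ip in self.blocked and ts < self.blocked[ip]:
            return False                     # already blocked, nothing new to do
        window = self.failures[ip]
        window.append(ts)
        while window and ts - window[0] > FAIL_WINDOW:
            window.popleft()                 # drop failures older than the window
        if len(window) >= FAIL_LIMIT:
            self.blocked[ip] = ts + BLOCK_FOR
            window.clear()
            return True
        return False

    def expired(self, now):
        """Remove and return the IPs whose block has lapsed at time now."""
        done = [ip for ip, until in self.blocked.items() if until <= now]
        for ip in done:
            del self.blocked[ip]
        return done


def table_argv(op, ip):
    """pfctl table operation as an argv list: the address is one argument, not shell text."""
    return ["pfctl", "-t", PF_TABLE, "-T", op, str(ip)]


def run(argv, dry_run=True):
    """Execute argv without a shell; with dry_run only report what would run."""
    if not dry_run:
        subprocess.run(argv, check=True)
    return " ".join(argv)


def process(lines, year=LOG_YEAR, dry_run=True):
    """Consume log lines in order and return the commands issued."""
    tracker = Lockout()
    issued = []
    for line in lines:
        parsed = parse_failed_login(line, year)
        if parsed is None:
            continue
        ts, ip = parsed
        for old in tracker.expired(ts):      # expiry driven by log time in this demo
            issued.append(run(table_argv("delete", old), dry_run))
        if tracker.offer(ts, ip):
            issued.append(run(table_argv("add", ip), dry_run))
    return issued


if __name__ == "__main__":
    for cmd in process(SAMPLE_LOG):
        print(cmd)
```

On the sample log, 203.0.113.5 is added to the table at its third failure (15:03:45), its failure at 15:05:00 is ignored because it is already blocked, and the table entry is deleted once a later line arrives past 15:13:45; 198.51.100.7 is never blocked because its first failure has slid out of the 5-minute window by the time the third one arrives. In a long-running daemon the expiry sweep would run from a timer rather than from log timestamps, or the sweep could be left to `pfctl -t lockout -T expire <seconds>`, which still has to be invoked periodically; the kernel-side `expiry +600` in the ipfw example quoted above is what removes that step entirely.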
