PF ssh bruteforce logging and blocking

2008-04-15 Thread Chris
I have some rules in my pf.conf for ssh brute force where it should block and log the offending IP address in the /etc/bruteforce file. I also told syslog to log all ssh logging in /var/log/sshd. I can see some failed logins in /var/log/sshd but my /etc/bruteforce file is still empty. Here's my pf.conf

Re: PF ssh bruteforce logging and blocking

2008-04-15 Thread Calomel
Chris,

Your /etc/bruteforce file will be read when pf loads its rules. IPs added to the bruteforce table through the overload directive will _not_ be added to the /etc/bruteforce text file.

Can you see IPs in the bruteforce table?

    pfctl -t bruteforce -T show

If you want to dump those IPs from

Re: PF ssh bruteforce logging and blocking

2008-04-15 Thread Chris
On Wed, Apr 16, 2008 at 1:39 PM, Calomel [EMAIL PROTECTED] wrote:

> Can you see IPs in the bruteforce table?
>
>     pfctl -t bruteforce -T show
>
> If you want to dump those IPs from the table to the text file you can always do
>
>     pfctl -t bruteforce -T show > /etc/bruteforce

Thanks. This resolved the