On Monday 29 September 2008, Rich Healey <[EMAIL PROTECTED]> sent a missive stating:
> Recently I'm getting a lot of brute force attempts on my server, in the
> past I've used various tips and tricks with Linux boxes but many of them
> were fairly Linux specific.
>
> What do you BSD guys use for this purpose?
>
> If this belongs on -security let me know and I'll ask over there.
>
> Cheers
>
>
> Rich

Yeap, -security

However, also try this in pf.conf (specific rules related to this; you'll need more for a real pf.conf):

    # persist keeps the table in memory even when no rule refers to it
    table <badguys> { } persist
    # drop everything from addresses already in the table
    block in quick from <badguys>
    # limit SSH connections per source; offenders are added to <badguys>
    pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
        keep state (max-src-conn 5, max-src-conn-rate 4/300, \
        overload <badguys> flush global)

This will add "badguys" to the table if they connect more than 4 times in 300 seconds. Then use the expiretables port from a cronjob to remove IPs if you feel like it.

Henrik

-- 
Henrik Hudson
[EMAIL PROTECTED]
------------------------------
"There are 10 kinds of people in the world: Those who understand binary and those who don't..."
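
An added example, not part of the original post: a simplified sliding-window model of the "more than 4 connections in 300 seconds" threshold, replayed over constructed connection events, with an age-based expiry like the cron job mentioned above. The window logic, the `EXPIRE_AFTER` value and the function names are assumptions for illustration, not pf's internal rate accounting.

```python
from collections import defaultdict, deque

MAX_RATE, WINDOW = 4, 300      # max-src-conn-rate 4/300 from the rule above
EXPIRE_AFTER = 3600            # assumed expiry age for table entries, in seconds


def replay(events, max_rate=MAX_RATE, window=WINDOW):
    """Replay (timestamp, src_ip) connection events in time order.

    Returns {src_ip: timestamp at which it was added to the table}.
    """
    recent = defaultdict(deque)   # src_ip -> timestamps inside the window
    table = {}                    # model of <badguys>
    for ts, src in sorted(events):
        if src in table:
            continue              # already blocked by "block in quick"
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()           # forget connections older than the window
        if len(q) > max_rate:     # more than 4 connections in 300 s
            table[src] = ts
            del recent[src]       # source is blocked; stop tracking it
    return table


def expire(table, now, max_age=EXPIRE_AFTER):
    """Drop entries older than max_age, as a cron-driven expiry job would."""
    return {ip: ts for ip, ts in table.items() if now - ts < max_age}


# Constructed sample traffic using documentation addresses (RFC 5737).
EVENTS = (
    [(t, "203.0.113.7") for t in range(0, 60, 10)]          # 6 connections in 50 s
    + [(t, "198.51.100.20") for t in range(0, 1200, 120)]   # one every 2 minutes
    + [(t, "192.0.2.5") for t in (5, 15, 25, 35)]           # exactly 4 in 300 s
)

if __name__ == "__main__":
    table = replay(EVENTS)
    print("overloaded:", table)
    print("after expiry at t=4000:", expire(table, now=4000))
```

Only the rapid source crosses the threshold; the source with exactly 4 connections and the periodic one stay out of the table, which is the margin to check before tightening the numbers.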