Hello, I'm trying to install the bruteforceblocker script to stop SSH attacks, but I'm having a problem with PF because it seems not to block the attacker's IP.
The machine is connected to the Internet and has some needed services for the LAN, so I want to log and block only outside attacks. The bruteforceblocker script seems to be working, because I can read the initial time of it in /var/log/auth.log, so I think the problem may be in my pf configuration. Any help? Thanks a lot.

####/etc/pf.conf####

table <bruteforce> persist file "/var/log/bruteforce"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# filter rules
block all
pass quick on lo0 all
pass in on bge0 from 10.200.62.0/24 to 10.200.62.17
pass out on bge0 from 10.200.62.17 to 10.200.62.0/24
block in log quick inet proto tcp from <bruteforce> to any port ssh

####This is my conf of bruteforceblocker####

my $logfile = '/var/log/auth.log';      # file where this script will log to
my $pfctl = '/sbin/pfctl';              # pfctl binary
my $table = 'bruteforce';               # pf table
my $tablefile = '/var/log/bruteforce';  # file where table persist
my $max_attempts = 3;                   # number of max allowed fails
my $timeout = 3600;                     # number of seconds after resetting of ip
my %count = ();                         # number of failed tries
my %time = ();                          # last modified time

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions