I was wondering if there's some sort of port available that can actively ban IPs that try and bruteforce a service such as SSH or Telnet, by scanning the /var/log/auth.log log for Regex such as "Illegal User" or "LOGIN FAILURES", and then using IPFW to essentially deny (ban) that IP for a certain period of time or possibly forever.

I've seen a very useful one that works for Linux (fail2ban), and was wondering if one exists for FreeBSD's IPFW?

There are some in the ports, but you can write your own pretty easily too. The one thing I didn't like about the ones in the ports is that the app was responsible for removing the rules after a set amount of time, which could be a problem if that app crashed for some reason. You could lock yourself out permanently...

Here's a quick perl script I wrote that does what you want...

http://pastebin.com/540575

Combine that with these two crontab entries:

0-59/4 * * * * /sbin/ipfw delete 501 >/dev/null 2>&1
2-59/4 * * * * /sbin/ipfw delete 500 >/dev/null 2>&1

-philip
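
The approach described in this thread, as an added example that is not part of the original post and is not the Perl script linked above: scan auth.log lines for the failure strings named in the question and build `ipfw add` commands under rule 500 or 501, so the crontab entries expire the bans even if the scanner dies. The threshold, the allowlist address, the rule-selection logic and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Patterns named in the question. The address is taken only from the end of the
# line, because the user name earlier in the line is chosen by the remote client.
FAILURE = re.compile(r"(?:illegal user|login failures)\b.*\bfrom (\S+)\s*$", re.I)

def failed_sources(lines):
    """Count failure lines per source address, skipping anything not a valid IP."""
    hits = Counter()
    for line in lines:
        m = FAILURE.search(line)
        if not m:
            continue
        try:
            hits[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # hostname or garbage: never passed on to ipfw
    return hits

def ban_rule(minute):
    """Pick the rule cron will delete last (assumed pairing with the crontab
    above: 501 is cleared when minute % 4 == 0, 500 when minute % 4 == 2)."""
    return 501 if minute % 4 < 2 else 500

def ban_commands(lines, minute, threshold=3, allow=("192.0.2.10",)):
    """Return ipfw commands as argument lists; nothing is executed here."""
    allowed = {str(ipaddress.ip_address(a)) for a in allow}
    rule = str(ban_rule(minute))
    return [["/sbin/ipfw", "add", rule, "deny", "ip", "from", ip, "to", "any"]
            for ip, n in sorted(failed_sources(lines).items())
            if n >= threshold and ip not in allowed]

# Constructed sample lines in the style of /var/log/auth.log (not real data)
SAMPLE = [
    "Jan 10 03:14:01 host sshd[811]: Illegal user admin from 203.0.113.5",
    "Jan 10 03:14:03 host sshd[812]: Illegal user test from 203.0.113.5",
    "Jan 10 03:14:05 host sshd[813]: Illegal user 192.0.2.10 from 203.0.113.5",
    "Jan 10 03:14:09 host login: 2 LOGIN FAILURES FROM 198.51.100.7",
    "Jan 10 03:15:00 host sshd[820]: Illegal user a from 192.0.2.10",
    "Jan 10 03:15:01 host sshd[821]: Illegal user b from 192.0.2.10",
    "Jan 10 03:15:02 host sshd[822]: Illegal user c from 192.0.2.10",
    "Jan 10 03:16:00 host sshd[830]: Accepted password for bob from 203.0.113.9",
]

if __name__ == "__main__":
    for cmd in ban_commands(SAMPLE, minute=5):
        print(" ".join(cmd))
```

Passing the commands as argument lists to `subprocess.run` keeps log-derived text out of a shell, and the allowlist covers the lock-out concern raised in the reply.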
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions