Hi,
I have noticed that people constantly try to brute force sshd on my
openbsd box, on my server I use fail2ban to prevent this and wondered if
there is a similar solution for openbsd.
Regards,
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14
daemon via port 22.
It was an ugly hack but it worked for us. I shall have a backup copy somewhere on
my powerbook at home...
On Thu, Nov 6, 2008 at 3:33 PM, Charlie Clark [EMAIL PROTECTED] wrote:
Hi,
I have noticed that people constantly try to brute force sshd on my openbsd
box, on my server
04:20:15 am Charlie Clark wrote:
Hi,
I am trying to set up an openbsd router but am having a big problem
getting it to work.
Here is the scenario:
The router has 3 public IPs, with 2 internet connections and sits just
outside a DMZ. Behind the router there are a number of hosts with public
?
The filter rules look fine and nothing is being blocked
I would appreciate any help.
Thanks,
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14 8TA
UK
Tel: +44 208 878 2138
Fax: +44 208 878 2163
Email: [EMAIL PROTECTED]
Site: http://www.lemon
as I am aware
If it's natting or filtering packets it's a gateway.
--
Cezary Morga
If you live to be one hundred, you've got it made. Very few people die
past that age. (George Burns)
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14 8TA
UK
block out on $ext_if from any to badsites
block out on $ext_if from any to $winupdate
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14 8TA
UK
Tel: +44 208 878 2138
Fax: +44 208 878 2163
Email: [EMAIL PROTECTED]
Site
please explain me better.
Sorry to bother you.
Thanks
-Original Message-
From: Charlie Clark [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2008 13:38
To: Ricardo Augusto de Souza
Subject: Re: Filtering outgoing connections in pf
Hi Ricardo,
That's because
=
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14 8TA
UK
Tel: +44 208 878 2138
Fax: +44 208 878 2163
Email: [EMAIL PROTECTED]
Site: http://www.lemon-computing.com/
Lemon Computing is a limited company registered in England & Wales under
Company No. 03697052
the same
ruleset.
Does this make more sense?
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14 8TA
UK
Tel: +44 208 878 2138
Fax: +44 208 878 2163
Email: [EMAIL PROTECTED]
Site: http://www.lemon-computing.com/
Lemon Computing is a limited company
that the ruleset
was loaded correctly, which means that the file it creates to compare
newly loaded rulesets against might not have been the currently running
config
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14 8TA
UK
Tel: +44 208 878 2138
Fax: +44
if that same admin that locked himself
out did an accidental halt or rm -rf / ? Surely you have a means to
fix that ? Why is the firewall so special ?
I have, the root is mounted readonly, and halt is not possible :)
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
option, at the moment I cannot query any
'set' options in my ruleset to compare new rulesets against
--
Charlie Clark
Network Engineer
Lemon Computing Ltd
Unit 9
26-28 Priests Bridge
London
SW14 8TA
UK
Tel: +44 208 878 2138
Fax: +44 208 878 2163
Email: [EMAIL PROTECTED]
Site: http://www.lemon
Stuart Henderson wrote:
On 2008/07/28 11:37, Charlie Clark wrote:
don't you have some way to handle the other situations where pfctl -sr
doesn't output exactly what pfctl -f was fed as input? how do you handle
macros or the ruleset optimiser?
There are no macros as I'm using
Stuart Henderson wrote:
On 2008-07-28, Charlie Clark [EMAIL PROTECTED] wrote:
Stuart Henderson wrote:
On 2008/07/28 11:37, Charlie Clark wrote:
don't you have some way to handle the other situations where pfctl -sr
doesn't output exactly what pfctl -f was fed as input? how
Hi,
I have noticed that you are unable to view the currently loaded options
for pf using pfctl, even 'pfctl -sa' doesn't show the options eg. set
skip on tun0.
Is this going to be implemented soon or is it there and I'm missing
something?
Regards,
--
Charlie Clark
Network Engineer
Lemon
Stuart Henderson wrote:
On 2008-07-25, Charlie Clark [EMAIL PROTECTED] wrote:
Hi,
I have noticed that you are unable to view the currently loaded options
for pf using pfctl, even 'pfctl -sa' doesn't show the options eg. set
skip on tun0.
Is this going to be implemented soon
Henning Brauer wrote:
* Charlie Clark [EMAIL PROTECTED] [2008-07-25 14:41]:
Is this going to be implemented soon or is it there and I'm missing
something?
that is probably never going to be implemented, as some options just
affect further parsing and aren't loaded to the kernel