I manage several different pf firewalls around the country, and so I
need to have ssh access allowed. Occaisionally, (more and more often
lately), I get script kiddies having a go at brute forcing my root
password (see below) or brute forcing a selection of guessed account
names (like guest,
On 5/21/05, Melameth, Daniel D. [EMAIL PROTECTED] wrote:
tefol tefol wrote:
I manage several different pf firewalls around the country, and so I
need to have ssh access allowed. Occaisionally, (more and more
often lately), I get script kiddies having a go at brute forcing my
root
hi,
you can use swatch and pf together to combat this. set a threshold in
swatch as to many failed connections to allow before blocking that
host.
i used to use this i still allowed ssh logins. now i use ssh keys +
sudo for remote access. as there is no login prompt, brute forcing
isn't an
Abdul Rehman Gani wrote:
pass in on $ext_mail reply-to ($ext_mail $router_addr) proto tcp from
any to $ext_mail port { pop3, smtp, ssh } keep state
All works as expected (and required)
Now I want to use spamd on the mail. But the redirect to spamd happens
before the pass rule above,
Hello all,
maybe it is a misconfiguration on my part but i believe the recently
added option to scrub (no) is not working as expected.
We all know the problem with Linux NFS traffic passing over an OpenBSD
box. The no scrub directive gives an excellent opportunity to scrub
everything BUT the nfs
--On 20. Mai 2005 09:45:19 +0100 Peter Galbavy [EMAIL PROTECTED]
wrote:
I would counter this by suggesting that once you set aside common HTTP
connection, which is much of the public traffic now, many connections are
long lived. Streaming, file transfer, VPNs etc.
Yes espcialy VPN
On Sat, May 21, 2005 at 09:52:48PM +0100, mzozd wrote:
# Do not scrub in any direction on INT B for our nfs server
no scrub on $int_b from $LAB_NFS_SERVERS to any
no scrub on $int_b from any to $LAB_NFS_SERVERS
Why restrict these rules to $int_b...
# Scrub on all interfaces
scrub in all
Daniel Hartmeier wrote:
On Sat, May 21, 2005 at 09:52:48PM +0100, mzozd wrote:
# Do not scrub in any direction on INT B for our nfs server
no scrub on $int_b from $LAB_NFS_SERVERS to any
no scrub on $int_b from any to $LAB_NFS_SERVERS
Why restrict these rules to $int_b...
# Scrub
The patch works as expected. The prefixed no scrub rules.
Thank you very much Daniel,
Daniel Hartmeier wrote:
You can try the patch below, or alternatively make sure the positive
scrub rules do not include $LAB_NFS_SERVERS, as a workaround, like
scrub in from ! $LAB_NFS_SERVERS to !