Jeppe Øland wrote:
>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a package
>> like fail2ban out there which could automatically blacklist IPs after x bad
>> logins?
> b) limit the connection-rate to a preferred useful value in the filter-rules

This works reasonably well.
Unfortunately, the entire rule gets locked down when the rate is exceeded, so you may lock yourself out too. (It automatically unlocks when the hammering stops and your rate interval expires, and most hammer scripts move on to a new IP when it stops responding, so it's not the end of the world).

Request: It would be really nice if pfsense could limit the connection-rate *per IP*.

Regards,
-Jeppe

Why leave your ssh service exposed to the world? Lock it down to a range of IPs (or subnet of your ISP), or if you don't have static IPs try setting up openvpn.
IMO it's best to expose as little as possible.

regards,
Pc
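
The lockout described in the quoted message, next to the per-IP limiting it asks for, as an added example that is not part of the original thread and is not pfSense code. It is a plain sliding-window model; the addresses, the 3-per-30-seconds limit and the event timeline are constructed assumptions.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Allow at most `limit` new connections per `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = deque()  # timestamps of accepted connections

    def allow(self, now):
        # Forget accepted connections that have aged out of the window.
        while self.hits and now - self.hits[0] >= self.window:
            self.hits.popleft()
        if len(self.hits) >= self.limit:
            return False
        self.hits.append(now)
        return True

def simulate(events, limit, window, per_source):
    """Return (ts, src, accepted) for each event.

    per_source=False: one counter for the whole rule (behaviour described above).
    per_source=True:  one counter per source address (the requested behaviour).
    """
    shared = SlidingWindowLimiter(limit, window)
    per_ip = defaultdict(lambda: SlidingWindowLimiter(limit, window))
    results = []
    for ts, src in sorted(events):
        limiter = per_ip[src] if per_source else shared
        results.append((ts, src, limiter.allow(ts)))
    return results

def verdicts(results, src):
    """Accepted/rejected flags for one source, in time order."""
    return [ok for _, s, ok in results if s == src]

# Constructed sample traffic (documentation address ranges):
ATTACKER = "203.0.113.50"   # hammers port 22 once per second for a minute
ADMIN = "198.51.100.7"      # legitimate logins at t=10s and t=40s
EVENTS = [(t, ATTACKER) for t in range(60)] + [(10, ADMIN), (40, ADMIN)]

if __name__ == "__main__":
    for mode in (False, True):
        res = simulate(EVENTS, limit=3, window=30, per_source=mode)
        print("per-source" if mode else "per-rule  ",
              "admin:", verdicts(res, ADMIN),
              "attacker accepted:", sum(verdicts(res, ATTACKER)))
```
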
