Hi,

I am interested in this topic.

But IMHO, I think it will be good to use IPFW, because we can use "dynamic rule" to block the traffic, and each "dynamic rule" should have its own expiry.

So this sshlockout just needs to monitor the ssh log and determine when and how to insert a correct "dynamic rule".

Any suggestion?

Regards,
Bill Yuan

On 1 January 2015 at 11:24, Matthew Dillon <[email protected]> wrote:

> commit a4ac8286be21b1495af8ec1db83271dacaa79556
> Author: Matthew Dillon <[email protected]>
> Date:   Wed Dec 31 19:21:47 2014 -0800
>
>     sshlockout - Add sshlockout utility
>
>     * Add sshlockout utility, typically setup as a syslog pipe.  This utility
>       monitors for failed ssh login attempts and excessive preauth failures
>       and will add a rule via IPFW to block the originating IP.
>
>       The operator also typically sets up a cron job to clean out the IPFW rules
>       that have accumulated once a day.
>
>     * See man page for details.  Still under construction (feel free to submit
>       additional features).
>
>     TODO - IPV6
>
>     TODO - Use a PF table instead of IPFW, which will greatly improve
>            performance if a lot of rules have to be added.
>
> Summary of changes:
>  usr.sbin/Makefile                                  |   1 +
>  usr.sbin/sshlockout/Makefile                       |   6 +
>  .../monitor.1 => usr.sbin/sshlockout/sshlockout.8  |  72 +++---
>  usr.sbin/sshlockout/sshlockout.c                   | 279 +++++++++++++++++++++
>  4 files changed, 327 insertions(+), 31 deletions(-)
>  create mode 100644 usr.sbin/sshlockout/Makefile
>  copy usr.bin/monitor/monitor.1 => usr.sbin/sshlockout/sshlockout.8 (60%)
>  create mode 100644 usr.sbin/sshlockout/sshlockout.c
>
> http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a4ac8286be21b1495af8ec1db83271dacaa79556
>
> --
> DragonFly BSD source repository
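The monitoring logic discussed in this thread (count failed logins per source address, block at a threshold, give each block its own expiry), as an added example that is not taken from sshlockout.c or from either poster. The OpenSSH "Failed password for ... from <ip> port" line format, the threshold of 5, the 3600-second lifetime and all function names are assumptions; it handles IPv4 only and returns a decision instead of invoking ipfw.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MAX_HOSTS  64
#define THRESHOLD  5      /* assumed: failures before a block */
#define BLOCK_SECS 3600   /* assumed: lifetime of one block */
struct host { char ip[16]; int fails; time_t blocked_until; };
static struct host hosts[MAX_HOSTS];   /* zero-initialised */
static int nhosts;

/* Use the address after the LAST " from ": the user name is chosen by the
 * remote side and may contain " from <ip>"; sshd appends the real peer. */
static int parse_failure(const char *line, char ip[16]) {
    unsigned a, b, c, d;
    const char *p = NULL;
    if (!strstr(line, "sshd") || !strstr(line, "Failed password for")) return 0;
    for (const char *q = line; (q = strstr(q, " from ")) != NULL; q++) p = q;
    if (!p || sscanf(p + 6, "%3u.%3u.%3u.%3u", &a, &b, &c, &d) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    snprintf(ip, 16, "%u.%u.%u.%u", a, b, c, d);  /* re-emit digits only */
    return 1;
}

/* Feed one log line seen at `now`; returns 1 when it triggers a new block. */
int observe(const char *line, time_t now, char ip[16]) {
    struct host *h = NULL;
    if (!parse_failure(line, ip)) return 0;
    for (int i = 0; i < nhosts; i++)
        if (strcmp(hosts[i].ip, ip) == 0) h = &hosts[i];
    if (h == NULL) {
        if (nhosts == MAX_HOSTS) return 0;        /* table full: not tracked */
        h = &hosts[nhosts++];
        snprintf(h->ip, sizeof(h->ip), "%s", ip);
    }
    if (now < h->blocked_until || ++h->fails < THRESHOLD) return 0;
    h->fails = 0;
    h->blocked_until = now + BLOCK_SECS;          /* per-address expiry */
    return 1;
}

int main(void) {
    /* Constructed sample line in OpenSSH's format (documentation address). */
    const char *l = "Jan  1 11:24:00 host sshd[912]: Failed password for root from 203.0.113.7 port 4242 ssh2";
    char ip[16];
    for (int i = 0; i < THRESHOLD; i++)
        if (observe(l, time(NULL), ip)) printf("block %s for %d s\n", ip, BLOCK_SECS);
    return 0;
}
```

Re-emitting the address from parsed integers means nothing from the log line other than four bounded octets can reach whatever command later installs the rule.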
