DragonFly users List (threaded) for 2010-03
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: Security process

From:	McLone <mclone@xxxxxxxxx>
Date:	Sat, 13 Mar 2010 22:03:57 +0200

On Tue, Mar 9, 2010 at 2:45 AM, Jonas Trollvik <jontro@gmail.com> wrote:
>> As to blocking repeated login failures, there are such things.
> Doesn't pf have ip blacklisting based on certain rules built in?
in Free- and OpenBSD i use this:

TCP= "proto tcp"
SSA="flags S/SA"
MSF="modulate state"
,,,
table <sshlock> persist
. ..
pass in on $ext_if $TCP to $ext_addr port ssh $SSA label SSH-Limit \
    $MSF (max-src-conn-rate 10/60, overload <sshlock> flush global)
block drop in log on $ext_if from <sshlock> to any label SSH-Lock
. ..
and then one can convince his cron to periodically flush that table.

IIRC, DragonFly's rather old PF implementation can not handle
max-src-conn-rate. It can handle max-src-states, tho. Go test it :-)
-- 
wbr,                        |\      _,,,---,,_           dog bless ya!
`                       Zzz /,`.-'`'    -.  ;-;;,_
McLone at GMail dot com    |,4-  ) )-,_. ,\ (  `'-'
  net- and *BSD admin     '---''(_/--'  `-'\_)   ...translit rawx!

References:
- Security process
  - From: Walter <walter@spam.no>
- Re: Security process
  - From: Pierre Abbat <phma@phma.optus.nu>
- Re: Security process
  - From: Jonas Trollvik <jontro@gmail.com>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]