[CDBUG-talk] pfctl -t table -T add foo.bar (so what happens on reboot?)

Jameel Akari jakari at bithose.com
Thu Oct 6 09:43:33 EDT 2005

On Thu, 6 Oct 2005, Patrick Muldoon wrote:

> pass in on $ext_if inet proto tcp from any to ($ext_if) \
>  port $tcp_services flags S/SA modulate state \
>  (max-src-conn 5, max-src-conn-rate 4/60, overload <crackers> flush global)

Ok, now I'll admit that bit is very cool indeed, and is arguably more 
robust than what I have been doing.

I have a script that looks for "Invalid user" in /var/log/authlog, strips 
out the IP addresses, appends/sorts/uniq's in a file, and then calls pfctl 
to reload with that file.  Run from cron every 5 minutes, and it provides 
some protection.

Has the disadvantage that you could possibly lock yourself out if you use 
password auth.

I've also taken to running ssh on other ports to avoid the issue 

Jameel Akari

More information about the CDBUG-talk mailing list