[CDBUG-talk] pfctl -t table -T add foo.bar (so what happens on reboot?)
Jameel Akari
jakari at bithose.com
Thu Oct 6 09:43:33 EDT 2005
On Thu, 6 Oct 2005, Patrick Muldoon wrote:
> pass in on $ext_if inet proto tcp from any to ($ext_if) \
> port $tcp_services flags S/SA modulate state \
> (max-src-conn 5, max-src-conn-rate 4/60, overload <crackers> flush global)
Ok, now I'll admit that bit is very cool indeed, and is arguably more
robust than what I have been doing.
I have a script that looks for "Invalid user" in /var/log/authlog, strips
out the IP addresses, appends/sorts/uniq's in a file, and then calls pfctl
to reload with that file. Run from cron every 5 minutes, and it provides
some protection.
It has the disadvantage that you could possibly lock yourself out if you use
password auth.
I've also taken to running ssh on other ports to avoid the issue
altogether.
--
Jameel Akari
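The cron script described in the post above, written out as an added example (this is not Jameel's script or anything from the list). It assumes an OpenBSD-style /var/log/authlog, a table named <crackers> declared in pf.conf with a persist file so it survives a reboot (the question in the subject line), and a hypothetical allowlist file of addresses that must never be banned, which is one way to avoid the password-auth lockout the post mentions. The file names, the script name ban-invalid-users and the sample log lines are all constructed for the example.

```shell
#!/bin/sh
# Added example, not the original poster's script. Assumes pf.conf contains
#   table <crackers> persist file "/etc/pf.crackers"
# so the table is reloaded from the file at boot, and that authlog lines
# look like the constructed sample below (OpenBSD sshd format of the era).

# Constructed sample log, used as a stand-in for /var/log/authlog when testing.
SAMPLE_LOG='Oct  6 09:12:33 gw sshd[1234]: Invalid user admin from 192.0.2.10
Oct  6 09:12:35 gw sshd[1235]: Invalid user oracle from 192.0.2.10
Oct  6 09:13:01 gw sshd[1240]: Accepted publickey for jakari from 198.51.100.7 port 4123 ssh2
Oct  6 09:14:12 gw sshd[1251]: Invalid user test from 203.0.113.44
Oct  6 09:14:13 gw sshd[1252]: Invalid user test from 198.51.100.7'

# Hypothetical paths and table name; override via the environment if needed.
AUTHLOG="${AUTHLOG:-/var/log/authlog}"
TABLE="${TABLE:-crackers}"
TABLE_FILE="${TABLE_FILE:-/etc/pf.crackers}"
ALLOWLIST_FILE="${ALLOWLIST_FILE:-/etc/pf.crackers.allow}"

# extract_offenders: read authlog text on stdin, print the source address of
# every "Invalid user" attempt, one per line, sorted and de-duplicated.
extract_offenders() {
    grep 'Invalid user' | sed -n 's/.* from \([0-9][0-9.]*\).*/\1/p' | sort -u
}

# filter_allowlist: drop any address listed (one per line) in the allowlist
# file so a typo'd password from the admin's own host never bans that host.
# An empty or missing allowlist passes everything through.
filter_allowlist() {
    allow="$1"
    if [ -s "$allow" ]; then
        grep -vxF -f "$allow"
    else
        cat
    fi
}

# build_table_file: merge the new offenders into the existing table file
# (the append/sort/uniq step), write it back atomically, and print the
# number of addresses now in the file.
build_table_file() {
    log="$1"; table_file="$2"; allow="$3"
    tmp=$(mktemp) || return 1
    { [ -f "$table_file" ] && cat "$table_file"; extract_offenders < "$log"; } \
        | sort -u | filter_allowlist "$allow" > "$tmp"
    mv "$tmp" "$table_file"
    wc -l < "$table_file" | tr -d ' '
}

# reload_table: replace the live table contents with the file. Skipped when
# pfctl is absent so the script can be exercised on a non-pf host.
reload_table() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -t "$TABLE" -T replace -f "$TABLE_FILE"
    else
        echo "pfctl not found; would run: pfctl -t $TABLE -T replace -f $TABLE_FILE" >&2
    fi
}

main() {
    n=$(build_table_file "$AUTHLOG" "$TABLE_FILE" "$ALLOWLIST_FILE") || exit 1
    reload_table
    echo "$TABLE: $n addresses" >&2
}

# Runs only when installed under the script name used in the (constructed)
# cron line:   */5 * * * * /usr/local/sbin/ban-invalid-users
case "${0##*/}" in
    ban-invalid-users) main ;;
esac
```

Because the table is rebuilt from the file with -T replace rather than accumulated with -T add, and pf.conf points at the same file with persist file, a reboot and a cron run end up with the same table contents; the allowlist is the only thing standing between a mistyped password and a self-inflicted ban.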