Old 5th October 2011
Daffy
Fdisk Soldier
 
Join Date: Jun 2010
Posts: 73
attacks are not being added to the pf table

Hi. I ran into a small problem. I changed the default ssh listening port from 22 to 1337 and added the port in pf.conf, but when I try to log in with false credentials from another computer (outside the network) the IP is not being added to the table.

I changed the default port in sshd_config with
Code:
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Port 1337
My pf.conf is the following:
Code:
# macros
int_if="ale0"
localnet = $int_if:network
tcp_services = "{ 62222, www, 1337 }"
udp_services = "{ 62222, www, 1337 }"

# tables
table <bruteforce> persist file "/var/pf/bruteforce"

# options
set loginterface $int_if

# disable filtering on loopback interface
set skip on lo0

# block rules
block log all
block quick from <bruteforce>

# pass rules
pass inet proto tcp to $localnet port $tcp_services \
	keep state (max-src-conn 50, max-src-conn-rate 3/60, \
		overload <bruteforce> flush global)
pass out all
After 6 attempts with a false password, 'pfctl -t bruteforce -T show' gives me an empty table.

I suspect that something is wrong with the way I changed the port...
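For reference, here is an added pf.conf fragment (example configuration, not the poster's own file) that puts the overload rule on the ssh port only and documents what the counters actually measure. It reuses the macros, table and limits from the post; the `ssh_port` macro name is an assumption. The point to keep in mind when testing is that `max-src-conn-rate 3/60` counts new TCP connections (state creations) from one source address within 60 seconds, not failed logins, so several wrong passwords typed into a single ssh session are one connection and never reach the threshold.

```pf
# macros (taken from the post; ssh_port is an assumed name)
int_if = "ale0"
localnet = $int_if:network
ssh_port = "1337"
tcp_services = "{ 62222, www }"   # ssh port is handled by its own rule below

# table of sources that exceeded the connection limits
table <bruteforce> persist file "/var/pf/bruteforce"

# options
set loginterface $int_if
set skip on lo0

# block rules
block log all
# evaluated before any pass rule; quick stops evaluation for listed sources
block quick from <bruteforce>

# pass rules
# Overload applies to the ssh port only. The limits count connections:
#   max-src-conn 50        at most 50 simultaneous states from one source
#   max-src-conn-rate 3/60 at most 3 new connections per 60 s from one source
# A source exceeding either limit is added to <bruteforce>; flush global
# then kills all of its existing states. quick makes this rule final so the
# generic services rule below cannot override it (pf is last-match).
pass in quick on $int_if inet proto tcp to $localnet port $ssh_port \
	flags S/SA keep state (max-src-conn 50, max-src-conn-rate 3/60, \
		overload <bruteforce> flush global)

pass in on $int_if inet proto tcp to $localnet port $tcp_services keep state
pass out all

# Checking the result from the firewall (run as root):
#   pfctl -f /etc/pf.conf                 # reload the ruleset
#   pfctl -t bruteforce -T show           # list trapped sources
#   pfctl -t bruteforce -T expire 86400   # drop entries older than a day
#   pfctl -t bruteforce -T delete 192.0.2.10   # release one (example) address
```

To see an entry appear, the test client has to open separate TCP connections to the ssh port, for example four consecutive connections within a minute from the same address; repeated password prompts inside one session do not count. The `persist` keyword keeps the table when no rule references it, and the `file` clause only seeds it at load time, so a `pfctl -t bruteforce -T show` immediately after `pfctl -f` shows the file's contents, not entries added at runtime unless you dump them back with `pfctl -t bruteforce -T show > /var/pf/bruteforce`.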