View Single Post
Old 27th February 2012
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

Additionally,

Code:
# open ssh port - protect ssh server from bruteforce attacks (actual offenders will be picked up by sshguard)
pass in on egress proto tcp \
   from any to (egress) port ssh \
      synproxy state (max-src-conn 15, max-src-conn-rate 5/3)
really needs a <table> inclusion

Code:
# open ssh port - protect ssh server from bruteforce attacks (actual offenders will be picked up by sshguard)
pass in on egress proto tcp \
   from any to (egress) port ssh \
      synproxy state (max-src-conn 15, max-src-conn-rate 5/3 overload <sshbrutes> flush global)
And the -- comprehensive -- way to write the rule goes ...

Code:
# open ssh port - protect ssh server from bruteforce attacks (actual offenders will be picked up by sshguard)

table <sshbrutes> persist {  }
#
pass in log quick on egress inet proto tcp \
   from !{ (egress:0) <sshbrutes>} to (egress:0) port ssh \
      synproxy state (max-src-conn 15, max-src-conn-rate 5/3 overload <sshbrutes> flush global)
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.
Reply With Quote