7th January 2010
mayuka
Handling ssh login attempts with pf

Hello.

For a couple of days my little router has been seeing a lot of connections to port 22 from the same bunch of hosts, which my pf firewall correctly drops. How can I put those attempts automatically into a table "attackers"?

I had something like the following in mind. Is that possible?

Code:
table <attackers> persist

block in quick on $EXT from <attackers>

block in quick on $EXT from any to ($EXT:0) port 22 (max 1, overload <attackers> flush)
Obviously, the third rule does not work. But how can I accomplish something like that?
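
An added example, not part of the original post: in pf, `overload` is a state-tracking option, so it belongs on a `pass ... keep state` rule together with `max-src-conn` or `max-src-conn-rate`. The sketch assumes sshd on the router is meant to be reachable; the interface name and the limits are placeholder values.

```conf
# pf.conf sketch (added example; interface name and limits are assumptions)
EXT = "em0"                      # hypothetical external interface

table <attackers> persist

# Hosts already in the table are dropped before any later rule is evaluated.
block in quick on $EXT from <attackers>

# The third rule from the post, kept for comparison. overload is a
# state-tracking option, and a block rule creates no state to count.
# block in quick on $EXT from any to ($EXT:0) port 22 (max 1, overload <attackers> flush)

# Stateful form: a source that holds more than 5 simultaneous connections,
# or opens more than 3 new connections in 60 seconds, is added to
# <attackers>. "flush global" also kills the states it already has.
pass in on $EXT proto tcp from any to ($EXT:0) port 22 \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 3/60, \
     overload <attackers> flush global)

# Table maintenance from the shell:
#   pfctl -t attackers -T show           # list current entries
#   pfctl -t attackers -T expire 86400   # remove entries older than 24 hours
```

If port 22 is to stay closed, this mechanism does not apply, because dropped packets never create the state entries that the limits count.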