Automatically block IPs with PF
I frequently check my logs and there are always some IPs that are trying to get access to my system using brute force or some other scripts. I have never needed a tool to examine my logs and report such attacks, because I'm looking at my logs very frequently, but now that I won't have that opportunity (I won't be at home for a certain time), I'd like to use a tool that examines the logs and blocks them.
What I'm using right now is a table in PF that reads /etc/blocked_ips and blocks each IP listed in the file.

    # --- block every ip from /etc/blocked_ips file ---
    table <blocked_ips> persist file "/etc/blocked_ips"

    # --- block every ip from /etc/blocked_ips file
    block in log quick on $ext_if from <blocked_ips> to any

I want to ask you: what kind of automatic protection are you using? Some kind of self-written scripts, or some ports that examine the logs and put the bad IPs in a file?
"I never think of the future. It comes soon enough." - A.E
Useful links: FreeBSD Handbook | FreeBSD Developer's Handbook | The Porter's Handbook | PF User's Guide | unix-heaven.org
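
One way to feed the `<blocked_ips>` table from the logs, as an added example that is not part of the original post: a shell sketch that counts failed sshd logins per source address and merges repeat offenders into the blocklist file. The function names, threshold, whitelist address, the syslog line format and the `/var/log/auth.log` path are assumptions, the log lines are constructed, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example: hypothetical names, constructed data.
THRESHOLD=3              # failed logins before an address is listed
WHITELIST="192.0.2.10"   # assumed admin address; never listed, avoids self-lockout

# Constructed sshd log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Jun  3 10:15:01 gw sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jun  3 10:15:03 gw sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jun  3 10:15:06 gw sshd[813]: Failed password for invalid user a from 198.51.100.7 from 203.0.113.5 port 40131 ssh2
Jun  3 10:16:40 gw sshd[820]: Failed password for bob from 198.51.100.7 port 51200 ssh2
Jun  3 10:17:02 gw sshd[822]: Accepted publickey for bob from 198.51.100.7 port 51201 ssh2
Jun  3 10:20:11 gw sshd[830]: Failed password for root from 192.0.2.10 port 60001 ssh2
Jun  3 10:20:14 gw sshd[830]: Failed password for root from 192.0.2.10 port 60001 ssh2
Jun  3 10:20:17 gw sshd[830]: Failed password for root from 192.0.2.10 port 60001 ssh2
EOF
}

# stdin: auth log. stdout: sorted IPs with at least $1 failed logins.
# The user name is chosen by the remote side, so the address is taken by
# position from the end of the line ("from IP port N ssh2"), not by
# searching for the first "from".
find_offenders() {
    awk -v min="$1" -v allow="$WHITELIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /sshd\[[0-9]+\]: Failed password for / && NF >= 5 &&
    $(NF-4) == "from" && $(NF-2) == "port" {
        ip = $(NF-3)
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in ok)) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip }' | sort
}

# $1 = log file, $2 = blocklist file. Merges new offenders into the file
# without duplicates; existing entries are kept.
merge_blocklist() {
    touch "$2"
    find_offenders "$THRESHOLD" < "$1" | sort -u - "$2" > "$2.new" &&
        mv "$2.new" "$2"
}

# From cron on the firewall (assumed log path), then reload the table:
#   merge_blocklist /var/log/auth.log /etc/blocked_ips
#   pfctl -t blocked_ips -T replace -f /etc/blocked_ips
sample_log | find_offenders "$THRESHOLD"
```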