DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 30th December 2011
dbach dbach is offline
Port Guard
 
Join Date: Aug 2011
Posts: 23
Thanked 0 Times in 0 Posts
Default pf.conf output to bruteforce file

Hello All:

I have the following rule in pf.conf:

# bruteforce blocking
block quick from <bruteforce>
pass inet proto tcp to $nic port ssh \
keep state (max-src-conn 10, max-src-conn-rate 5/5 \
overload <bruteforce> flush global)

Where should the bruteforce file be placed and with which permissions to have pf write out information for bruteforced attempts?

Thanks,
Darryl
Reply With Quote
  #2   (View Single Post)  
Old 30th December 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,116
Thanked 182 Times in 149 Posts
Default

It has been a while when I played with pf tables.

AFAIK pf keeps the contents of tables in memory. But according the pfctl man page you can show/display the contents of a table with pfctl -t bruteforce -T show
So if you redirect that output to file with something like pfctl -t bruteforce -T show >bruteforce.txt you have those addresses in a file.

How to use that file for a next reload of the pf.conf rules is well explained in the pf users guide and pfctl man page.
For permissions I would start with the same as "/etc/pf.conf" : rw for root, nothing for group and world.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 31st December 2011
dbach dbach is offline
Port Guard
 
Join Date: Aug 2011
Posts: 23
Thanked 0 Times in 0 Posts
Default Thanks for the reply

Darryl
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DVI output in X backrow OpenBSD General 5 14th April 2011 04:39 AM
output to a file in java c0mrade Programming 4 15th October 2009 07:55 AM
difference between rc.conf and loader.conf disappearedng FreeBSD General 5 3rd September 2008 05:54 AM
C and file input/output 18Googol2 Programming 3 20th August 2008 04:02 PM
strange security run output deadeyes FreeBSD Security 5 2nd July 2008 04:51 PM


All times are GMT. The time now is 09:54 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick