Hi. I ran into a small problem. I changed the default SSH listening port from 22 to 1337 and added the port in pf.conf, but when I tried to log in with false credentials from another computer (outside the network), the IP is not being added to the table.
I changed the default port in sshd_config with:
Code:
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port 1337
My pf.conf is the following:
Code:
# macros
int_if="ale0"
localnet = $int_if:network
tcp_services = "{ 62222, www, 1337 }"
udp_services = "{ 62222, www, 1337 }"
# tables
table <bruteforce> persist file "/var/pf/bruteforce"
# options
set loginterface $int_if
# disable filtering on loopback interface
set skip on lo0
# block rules
block log all
block quick from <bruteforce>
# pass rules
pass inet proto tcp to $localnet port $tcp_services \
keep state (max-src-conn 50, max-src-conn-rate 3/60, \
overload <bruteforce> flush global)
pass out all
After 6 attempts with a false password, 'pfctl -t bruteforce -T show' gives me an empty table.
I suspect that something is wrong with the way I changed the port...
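As an added example (not from the post or from pf itself), here is a small Python model of what the post's max-src-conn-rate 3/60 rule actually counts: new TCP connections per source address, not wrong passwords inside one connection, while sshd by default lets one connection try several passwords (MaxAuthTries). The sliding-window approximation of pf's moving average, the address 203.0.113.5 and the event logs are constructed for the demonstration.

```python
from collections import defaultdict, deque

RATE_CONNS, RATE_SECONDS = 3, 60   # max-src-conn-rate 3/60 from the pf.conf in the post


class BruteforceTable:
    """Simplified model (assumption: sliding window instead of pf's moving average)
    of 'max-src-conn-rate N/S, overload <bruteforce>' plus 'block quick from <bruteforce>'."""

    def __init__(self, conns=RATE_CONNS, seconds=RATE_SECONDS):
        self.conns, self.seconds = conns, seconds
        self.windows = defaultdict(deque)   # src IP -> timestamps of recent connections
        self.table = set()                  # contents of the <bruteforce> table

    def new_connection(self, src, ts):
        """Called once per new TCP connection (pf state), never per password attempt."""
        if src in self.table:
            return "blocked"                # 'block quick from <bruteforce>' drops it
        w = self.windows[src]
        w.append(ts)
        while w and ts - w[0] >= self.seconds:
            w.popleft()                     # forget connections older than the window
        if len(w) > self.conns:             # 4th connection inside 60 s exceeds 3/60
            self.table.add(src)             # overload <bruteforce>
            return "overloaded"
        return "passed"


def run(events):
    """Feed a constructed event log to the model. Only 'connect' events reach pf;
    'auth_fail' happens inside sshd on an already-open connection and pf never sees it."""
    bt = BruteforceTable()
    outcomes = [bt.new_connection(src, ts) for ts, src, kind in events if kind == "connect"]
    return bt, outcomes


def table_after(events):
    return sorted(run(events)[0].table)


# Scenario 1 (constructed): one SSH session, six wrong passwords in a row.
ONE_SESSION = [(0, "203.0.113.5", "connect")] + [(i, "203.0.113.5", "auth_fail") for i in range(1, 7)]

# Scenario 2 (constructed): a new TCP connection for every attempt, four connections in 30 s.
RECONNECTS = [(t, "203.0.113.5", "connect") for t in (0, 10, 20, 30)]

if __name__ == "__main__":
    print(table_after(ONE_SESSION))   # [] : one connection, so the rule never fires
    print(table_after(RECONNECTS))    # ['203.0.113.5']
```

A real check on the box is to watch 'pfctl -s state' during the attempts: the rule only adds the source once the number of states created from it exceeds the configured rate.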