DaemonForums  

18th February 2009
DNAeon
Automatically block IPs with PF

Hi,

I frequently check my logs and there are always some IPs that are trying to get access to my system using brute force or some other scripts. I have never needed a tool to examine my logs and report such attacks, because I look at my logs very frequently, but now that I won't have that opportunity (I won't be at home for a certain time), I'd like to use a tool that examines the logs and blocks them.

What I'm using right now is a table in PF that reads /etc/blocked_ips and blocks each IP listed in the file.
Code:
# --- load every IP from the /etc/blocked_ips file into a table ---
table <blocked_ips> persist file "/etc/blocked_ips"

# --- block incoming traffic from every IP in the <blocked_ips> table ---
block in log quick on $ext_if from <blocked_ips> to any

I'd like to use a script that checks for bad SSH logins (/var/log/auth), bad SMTP attempts (/var/log/maillog), etc.

I want to ask you - what kind of automatic protection are you using? Some kind of self-written scripts, or some ports that examine the logs and put the bad IPs in a file?

Thanks!
__________________
"I never think of the future. It comes soon enough." - A.E

Useful links: FreeBSD Handbook | FreeBSD Developer's Handbook | The Porter's Handbook | PF User's Guide | unix-heaven.org
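
One way to build the list the post asks for, as an added example that is not part of the original post: a log scanner that counts failed SSH logins per source address and emits the contents for /etc/blocked_ips. The function names, the threshold, the allowlist and the sample log lines are assumptions constructed for illustration; the matched message is OpenSSH's "Failed password" line.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of OpenSSH auth log lines (documentation addresses).
SAMPLE_AUTH_LOG = """\
Feb 18 10:01:02 gw sshd[1001]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb 18 10:01:05 gw sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Feb 18 10:01:09 gw sshd[1002]: Failed password for invalid user x from 198.51.100.99 port 22 ssh2 from 203.0.113.7 port 40114 ssh2
Feb 18 10:02:00 gw sshd[1003]: Failed password for invalid user test from 198.51.100.20 port 51000 ssh2
Feb 18 10:03:00 gw sshd[1004]: Failed password for operator from 192.0.2.10 port 50001 ssh2
Feb 18 10:03:04 gw sshd[1004]: Failed password for operator from 192.0.2.10 port 50002 ssh2
Feb 18 10:03:08 gw sshd[1004]: Failed password for operator from 192.0.2.10 port 50003 ssh2
Feb 18 10:03:12 gw sshd[1005]: Accepted password for operator from 192.0.2.10 port 50004 ssh2
"""

# The user name is chosen by the remote client and may itself contain
# " from <address>", so the greedy ".*" plus the end-of-line anchor make the
# capture the address sshd wrote last, not one embedded in the user name.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")

def offenders(log_text, threshold=3, allowlist=("192.0.2.0/24",)):
    """Return sorted source addresses with at least `threshold` failed logins."""
    trusted = [ipaddress.ip_network(net) for net in allowlist]
    failures = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a literal address: never write it into a PF table file
        if any(addr in net for net in trusted):
            continue  # never lock out the admin's own networks
        failures[addr] += 1
    return sorted(str(a) for a, count in failures.items() if count >= threshold)

def render_table_file(addresses):
    """One address per line, the format a PF `table ... file` expects."""
    return "".join(a + "\n" for a in addresses)

if __name__ == "__main__":
    print(render_table_file(offenders(SAMPLE_AUTH_LOG)), end="")
```

After the output is written to /etc/blocked_ips, `pfctl -t blocked_ips -T replace -f /etc/blocked_ips` reloads the table without reloading the whole ruleset.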
Content copyright © 2007-2010, the authors