DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 29th January 2009
gosha gosha is offline
Spam Deminer
 
Join Date: Jun 2008
Location: China
Posts: 256
Default please check my pf.conf

Below is my pf.conf which I put together reading the man page and googling around.
It seems to work fine, I'm using it since quite a few months. I have a restricted user "amule" which I use to run amule (rarely, actually), do the lines in my pf.conf make sense (it seems they do, I remember trying to changing them and thus blocking amule traffic).
I use this computer basically as a desktop, but is on 24h/day, so, I need it to be safe.
In google I found this script to block brute-force attacks, which works very well:

Code:
pfctl -t ssh-violations -T flush
for ips in `cat /var/log/authlog | grep sshd | grep "Invalid" | awk '{print $10}' | uniq -d` ; do
       pfctl -t ssh-violations -T add $ips
  done
cat /var/log/authlog | grep sshd | grep "Failed" | rev  | cut -d\  -f 4 | rev | sort | uniq -c | \
( while read num ips; do
    if [ $num -gt 5 ]; then
         if ! pfctl -s rules | grep -q $ips ; then
                pfctl -t ssh-violations -T add $ips
        fi
    fi
done
)
Code:
ext_if="gem0"
ssh= "{ 22 }"
table <ssh-violations> persist file "/etc/ssh-violations"
# options
set block-policy drop
set state-policy if-bound
set loginterface $ext_if
set optimization normal
set skip on lo0

# scrub
scrub in on $ext_if all
pass quick on lo0 all
antispoof for $ext_if

block in log all
block out all
block in quick log from <ssh-violations> to any
pass on $ext_if proto tcp from any to any port $ssh
pass on $ext_if proto tcp from any to any port 4662 user amule
pass on $ext_if proto udp from any to any port 4665 user amule
pass on $ext_if proto udp from any to any port 4672 user amule
pass on $ext_if proto tcp from any to any port 4712 user amule
pass on $ext_if proto tcp from any to any port 4661 user amule
pass out quick on $ext_if inet

martians = "{ 127.0.0.0/8, 172.16.0.0/12, \
              10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
              0.0.0.0/8, 240.0.0.0/4 }"

block drop in quick on $ext_if from $martians to any
block drop out quick on $ext_if from any to $martians

Any comments or suggestions will be greatly appreciated
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Check this out (funny contest). fbsduser Off-Topic 6 4th March 2009 10:48 PM
Best way to check and fix corrupt disk? bsdme2 FreeBSD General 5 29th January 2009 06:10 PM
check for badblocks ccc FreeBSD General 5 30th October 2008 07:00 PM
difference between rc.conf and loader.conf disappearedng FreeBSD General 5 3rd September 2008 05:54 AM
how to check package dependencies? bsdnewbie999 OpenBSD Packages and Ports 5 31st July 2008 04:05 AM


All times are GMT. The time now is 10:39 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick