|
FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
pf.conf output to bruteforce file
Hello All:
I have the following rule in pf.conf: # bruteforce blocking block quick from <bruteforce> pass inet proto tcp to $nic port ssh \ keep state (max-src-conn 10, max-src-conn-rate 5/5 \ overload <bruteforce> flush global) Where should the bruteforce file be placed and with which permissions to have pf write out information for bruteforced attempts? Thanks, Darryl |
|
|||
It has been a while when I played with pf tables.
AFAIK pf keeps the contents of tables in memory. But according the pfctl man page you can show/display the contents of a table with pfctl -t bruteforce -T show So if you redirect that output to file with something like pfctl -t bruteforce -T show >bruteforce.txt you have those addresses in a file. How to use that file for a next reload of the pf.conf rules is well explained in the pf users guide and pfctl man page. For permissions I would start with the same as "/etc/pf.conf" : rw for root, nothing for group and world.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Thanks for the reply
Darryl
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
DVI output in X | backrow | OpenBSD General | 5 | 14th April 2011 04:39 AM |
output to a file in java | c0mrade | Programming | 4 | 15th October 2009 07:55 AM |
difference between rc.conf and loader.conf | disappearedng | FreeBSD General | 5 | 3rd September 2008 05:54 AM |
C and file input/output | 18Googol2 | Programming | 3 | 20th August 2008 04:02 PM |
strange security run output | deadeyes | FreeBSD Security | 5 | 2nd July 2008 04:51 PM |