OpenBSD Security (Functionally paranoid!)
attacks are not being added to the pf table
Hi. I ran into a small problem. I changed the default ssh listening port from 22 to 1337 and added the port in pf.conf, but when I tried to log in with false credentials from another computer (outside the network), the IP is not being added to the table.
I changed the default port in sshd_config with
Code:
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.
Port 1337

Code:
# macros
int_if="ale0"
localnet = $int_if:network
tcp_services = "{ 62222, www, 1337 }"
udp_services = "{ 62222, www, 1337 }"

# tables
table <bruteforce> persist file "/var/pf/bruteforce"

# options
set loginterface $int_if

# disable filtering on loopback interface
set skip on lo0

# block rules
block log all
block quick from <bruteforce>

# pass rules
pass inet proto tcp to $localnet port $tcp_services \
    keep state (max-src-conn 50, max-src-conn-rate 3/60, \
    overload <bruteforce> flush global)
pass out all

I suspect that something is wrong with the way I changed the port...
And back for more info. Due to work and being sick, I could not find the courage to post more info...
The strange thing is that if I remove the 1337 port from the udp_services, the table works... I tried a somewhat different approach by changing the rules specifically for the ssh port
Code:
# macros defined
int_if="ale0"
localnet = $int_if:network
tcp_services = "{ 62222, www, 1337 }"
udp_services = "{ 62222, www }"

# tables
table <bruteforce> persist

# options
set loginterface $int_if

# disable filtering on loopback interface
set skip on lo0

# block rules
block log all
block quick from <bruteforce>

# pass rules for ssh
pass quick proto { tcp,udp } to port 1337 \
    keep state (max-src-conn 10, max-src-conn-rate 2/60, \
    overload <bruteforce> flush global)
pass inet proto tcp to $localnet port $tcp_services \
    keep state (max-src-conn 50, max-src-conn-rate 3/60, \
    overload <bruteforce> flush global)
pass out all
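The overload clause in the pf.conf above, traced on constructed traffic as an added example (this is my code, not from the thread or from pf; the sliding window is an assumption standing in for pf's moving-average rate check, and max-src-conn is not modelled):

```python
# Added example, not code from the thread: a simplified model of how a pf
# rule with "max-src-conn-rate N/S ... overload <bruteforce> flush global"
# treats new TCP states from each source address.  Assumption: pf's
# moving-average rate check is approximated by a plain sliding window over
# state-creation times; max-src-conn (simultaneous connections) is not modelled.
from collections import defaultdict, deque


def simulate_overload(events, limit, seconds):
    """events: (time_in_seconds, src_ip) pairs, one per new TCP state the
    pass rule would create.  Returns (overloaded_ips, open_states) where
    open_states maps src_ip -> states still open once "flush global" has
    killed every state of an overloaded source."""
    window = defaultdict(deque)   # src_ip -> creation times inside the window
    open_states = defaultdict(int)
    overloaded = set()
    for t, src in sorted(events):
        if src in overloaded:
            # "block quick from <bruteforce>" now matches before the pass rule
            continue
        recent = window[src]
        while recent and t - recent[0] >= seconds:
            recent.popleft()      # drop creations older than the interval
        recent.append(t)
        open_states[src] += 1
        if len(recent) > limit:
            overloaded.add(src)   # pf adds the source to <bruteforce> ...
            open_states[src] = 0  # ... and "flush global" removes its states
    return overloaded, dict(open_states)


# Constructed sample traffic (documentation addresses, not real hosts).
BRUTE = "203.0.113.5"    # five new connections inside 40 seconds
SLOW = "198.51.100.7"    # two connections 100 seconds apart
PACED = "192.0.2.9"      # three in 40 s, a fourth after the first expired
EVENTS = ([(t, BRUTE) for t in (0, 10, 20, 30, 40)]
          + [(0, SLOW), (100, SLOW)]
          + [(t, PACED) for t in (0, 20, 40, 70)])

if __name__ == "__main__":
    for rate in ((3, 60), (2, 60)):     # the thread's two settings
        blocked, states = simulate_overload(EVENTS, *rate)
        print(f"max-src-conn-rate {rate[0]}/{rate[1]}: "
              f"overloaded={sorted(blocked)} states={states}")
```

Each event is a new TCP state, so repeated authentication failures inside one established SSH session do not advance this counter; sshd's own MaxAuthTries and LoginGraceTime settings are what bound those, and the two controls complement each other.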
I see what you mean.
As always, thank you.
Tags: bruteforce, pf.conf