Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 30th December 2011
dbach dbach is offline
Port Guard
Join Date: Aug 2011
Posts: 23
Default pf.conf output to bruteforce file

Hello All:

I have the following rule in pf.conf:

# bruteforce blocking
block quick from <bruteforce>
pass inet proto tcp to $nic port ssh \
keep state (max-src-conn 10, max-src-conn-rate 5/5 \
overload <bruteforce> flush global)

Where should the bruteforce file be placed and with which permissions to have pf write out information for bruteforced attempts?

Reply With Quote
  #2   (View Single Post)  
Old 30th December 2011
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,506

It has been a while when I played with pf tables.

AFAIK pf keeps the contents of tables in memory. But according the pfctl man page you can show/display the contents of a table with pfctl -t bruteforce -T show
So if you redirect that output to file with something like pfctl -t bruteforce -T show >bruteforce.txt you have those addresses in a file.

How to use that file for a next reload of the pf.conf rules is well explained in the pf users guide and pfctl man page.
For permissions I would start with the same as "/etc/pf.conf" : rw for root, nothing for group and world.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 31st December 2011
dbach dbach is offline
Port Guard
Join Date: Aug 2011
Posts: 23
Default Thanks for the reply

Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DVI output in X backrow OpenBSD General 5 14th April 2011 04:39 AM
output to a file in java c0mrade Programming 4 15th October 2009 07:55 AM
difference between rc.conf and loader.conf disappearedng FreeBSD General 5 3rd September 2008 05:54 AM
C and file input/output 18Googol2 Programming 3 20th August 2008 04:02 PM
strange security run output deadeyes FreeBSD Security 5 2nd July 2008 04:51 PM

All times are GMT. The time now is 04:34 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick