please check my pf.conf
Below is my pf.conf which I put together reading the man page and googling around.
It seems to work fine; I've been using it for quite a few months. I have a restricted user "amule" which I use to run amule (rarely, actually). Do the lines in my pf.conf make sense? (It seems they do; I remember trying to change them and thus blocking amule traffic.) I use this computer basically as a desktop, but it is on 24h/day, so I need it to be safe. On Google I found this script to block brute-force attacks, which works very well:

Code:
    pfctl -t ssh-violations -T flush
    for ips in `cat /var/log/authlog | grep sshd | grep "Invalid" | awk '{print $10}' | uniq -d` ; do
        pfctl -t ssh-violations -T add $ips
    done
    cat /var/log/authlog | grep sshd | grep "Failed" | rev | cut -d' ' -f 4 | rev | sort | uniq -c | \
    ( while read num ips; do
        if [ $num -gt 5 ]; then
            if ! pfctl -s rules | grep -q $ips ; then
                pfctl -t ssh-violations -T add $ips
            fi
        fi
    done
    )

Code:
    ext_if="gem0"
    ssh= "{ 22 }"
    table <ssh-violations> persist file "/etc/ssh-violations"

    # options
    set block-policy drop
    set state-policy if-bound
    set loginterface $ext_if
    set optimization normal
    set skip on lo0

    # scrub
    scrub in on $ext_if all

    pass quick on lo0 all
    antispoof for $ext_if
    block in log all
    block out all
    block in quick log from <ssh-violations> to any
    pass on $ext_if proto tcp from any to any port $ssh
    pass on $ext_if proto tcp from any to any port 4662 user amule
    pass on $ext_if proto udp from any to any port 4665 user amule
    pass on $ext_if proto udp from any to any port 4672 user amule
    pass on $ext_if proto tcp from any to any port 4712 user amule
    pass on $ext_if proto tcp from any to any port 4661 user amule
    pass out quick on $ext_if inet

    martians = "{ 127.0.0.0/8, 172.16.0.0/12, \
            10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
            0.0.0.0/8, 240.0.0.0/4 }"
    block drop in quick on $ext_if from $martians to any
    block drop out quick on $ext_if from any to $martians

Any comments or suggestions will be greatly appreciated.
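
An added example, not part of the original post: the "Failed" counting step of the script above, rewritten so that it takes the address after the last "from" instead of a fixed field position and only emits well-formed IPv4 addresses. The function names `ssh_offenders` and `sample_authlog` are hypothetical, the log lines are constructed, and the default limit of 5 mirrors the script in the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# ssh_offenders LIMIT: read authlog-style lines on stdin and print each
# IPv4 source with more than LIMIT "Failed password" lines, one per line.
ssh_offenders() {
    awk -v limit="${1:-5}" '
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" {
            # Use the token after the last "from"; field numbers are not
            # fixed because the logged user name may contain spaces.
            addr = ""
            for (i = 7; i < NF; i++) if ($i == "from") addr = $(i + 1)
            # Only a well-formed dotted quad may reach pfctl.
            if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(addr, o, ".")
            for (j = 1; j <= 4; j++) if (o[j] + 0 > 255) next
            count[addr]++
        }
        END { for (a in count) if (count[a] > limit) print a }
    ' | sort
}

# Constructed sample input: six failures from one source, two from another
# (one with a space in the user name), one success, one malformed address.
sample_authlog() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo "Mar  4 10:15:0$i host sshd[1200]: Failed password for root from 203.0.113.5 port 5123$i ssh2"
        i=$((i + 1))
    done
    cat <<'EOF'
Mar  4 10:16:01 host sshd[1201]: Failed password for invalid user a b from 198.51.100.7 port 40000 ssh2
Mar  4 10:16:02 host sshd[1201]: Failed password for admin from 198.51.100.7 port 40001 ssh2
Mar  4 10:16:03 host sshd[1202]: Accepted publickey for me from 192.0.2.10 port 40002 ssh2
Mar  4 10:16:04 host sshd[1203]: Failed password for root from 999.1.1.1 port 40003 ssh2
EOF
}

# Usage on the real log, feeding the table named in the pf.conf above:
#   ssh_offenders 5 < /var/log/authlog | while read -r ip; do
#       pfctl -t ssh-violations -T add "$ip"
#   done
```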