Re: Party
On Thursday 28 September 2006 11:14, Thierry Thomas wrote:
> On Thu 28 Sep 06 at 16:19:42 +0200, John Baldwin <jhb@freebsd.org>
> wrote:
>
> > ports/security/bruteblock (there's another one for pf, this one is for ipfw)
>
> No need for an external tool with pf. Just add this kind of rule:
>
> table <ssh-bruteforce> persist
> block in quick from <ssh-bruteforce>
> pass in quick on $ext_if inet proto tcp from any to ($ext_if) \
> port 22 flags S/SA keep state \
> ( max-src-conn-rate 2/10, overload <ssh-bruteforce> flush global)
Depends. I only want to block bad connections. I don't want to lock myself
out if I happen to open too many ssh session terminals at work. :)
-- 
John Baldwin
_______________________________________________
freebsd-chat@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe@freebsd.org"
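
Added example (not part of the original messages): a simplified Python model of the trade-off discussed above, comparing a connection-rate limit like the quoted 2/10 rule with counting only failed logins. The log lines, addresses, the 3-failures-in-60-seconds threshold and the function names are constructed assumptions, and each log line stands in for one connection.

```python
import re
from collections import defaultdict, deque

# Constructed sample: (seconds, sshd message). Addresses are documentation ranges.
SAMPLE = [
    (0, "Accepted publickey for jhb from 198.51.100.7 port 50001 ssh2"),
    (1, "Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2"),
    (2, "Accepted publickey for jhb from 198.51.100.7 port 50002 ssh2"),
    (3, "Failed password for root from 203.0.113.9 port 40002 ssh2"),
    (4, "Accepted publickey for jhb from 198.51.100.7 port 50003 ssh2"),
    (5, "Failed password for invalid user test from 203.0.113.9 port 40003 ssh2"),
    (7, "Failed password for root from 203.0.113.9 port 40004 ssh2"),
    (9, "Failed password for invalid user guest from 203.0.113.9 port 40005 ssh2"),
]

LINE = re.compile(
    r"^(Accepted|Failed) \S+ for (?:invalid user )?\S+ from (\S+) port \d+"
)


def parse(events):
    """Yield (timestamp, failed?, source address) for each recognised line."""
    for ts, msg in events:
        m = LINE.match(msg)
        if m:
            yield ts, m.group(1) == "Failed", m.group(2)


def over_limit(events, limit, window, failures_only):
    """Return sources with more than `limit` counted events in `window` seconds."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, failed, src in parse(events):
        if failures_only and not failed:
            continue  # successful logins never count against the source
        q = recent[src]
        q.append(ts)
        while q[0] <= ts - window:  # drop events that fell out of the window
            q.popleft()
        if len(q) > limit:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    # Rate model of "max-src-conn-rate 2/10": every connection counts.
    print("rate-based:   ", sorted(over_limit(SAMPLE, 2, 10, False)))
    # Failure model (assumed threshold): only failed logins count.
    print("failure-based:", sorted(over_limit(SAMPLE, 3, 60, True)))
```

In this sample the rate model flags the user who opened three sessions in four seconds along with the guessing source, while the failure model flags only the guessing source.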