[Solved] I'm worried about this.....


krasi_d
December 10th, 2010, 09:10
This morning I saw a message in auth.log - 'Did not receive identification string from 59.37.11.161'. I don't know what this means, but this is a public IP. Can someone help me with this message?

SirDice
December 10th, 2010, 10:44
Ignore it. I get hundreds of those.

UNIXgod
December 10th, 2010, 10:47
You can block em with pf. Most of the time they are coming from port scanners like nmap.

krasi_d
December 10th, 2010, 11:15
> You can block em with pf. Most of the time they are coming from port scanners like nmap.

> Ignore it. I get hundreds of those.


I have some problems with pf, but it's fine if I can ignore it.
Thanks guys.

UNIXgod
December 10th, 2010, 20:38
> I have some problems with pf, but it's fine if I can ignore it.
> Thanks guys.

It's easy.

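Create an /etc/pf.conf file with:

table <BRUTEFORCE> persist
# the table blocks nothing by itself; this rule drops traffic from its entries
block in quick from <BRUTEFORCE>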

Create a shell wrapper called addbrute in /root/bin:

#!/bin/sh

# Add the address(es) given on the command line to the BRUTEFORCE table.
# for non offenders:
# pfctl -t BRUTEFORCE -T delete <IP>

/sbin/pfctl -t BRUTEFORCE -T add "$@"

Now when you see one of the bastards in your auth logs, simply type as root: addbrute 123.456.789.012

If you want to expire the brutes (IPs change often enough), pop this in a cron job:

/sbin/pfctl -t BRUTEFORCE -T expire 86400 >/dev/null 2>&1

Further information on setting up the service inside FreeBSD can be found here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
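
An added example, not part of the thread: instead of reading auth.log by eye, this sh function lists the addresses that produced the "Did not receive identification string" message repeatedly, ready to feed to the BRUTEFORCE table described above. The function names, the threshold, the allowlist argument and the sample log lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample in syslog auth.log layout; IPs are documentation ranges.
sample_log() {
cat <<'EOF'
Dec 10 03:12:01 host sshd[4121]: Did not receive identification string from 203.0.113.7
Dec 10 03:12:09 host sshd[4125]: Did not receive identification string from 203.0.113.7
Dec 10 04:40:13 host sshd[4301]: Did not receive identification string from 198.51.100.23 port 51234
Dec 10 04:40:15 host sshd[4302]: Did not receive identification string from 198.51.100.23 port 51240
Dec 10 05:02:44 host sshd[4410]: Did not receive identification string from 192.0.2.10
Dec 10 06:30:00 host sshd[4500]: Did not receive identification string from 192.0.2.99
Dec 10 06:30:02 host sshd[4501]: Did not receive identification string from 192.0.2.99
Dec 10 07:00:00 host sshd[4600]: Accepted publickey for admin from 192.0.2.99 port 40022 ssh2
EOF
}

# scan_candidates [MIN] [ALLOWLIST] < auth.log
# Prints, sorted, each IPv4 source seen in at least MIN (default 3)
# "Did not receive identification string" lines from sshd.
# ALLOWLIST is a space-separated list of addresses never to print
# (your own admin hosts), so a flaky client cannot get you locked out.
scan_candidates() {
    awk -v min="${1:-3}" -v allow="${2:-}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Require the sshd tag in field 5 and the message to start in field 6,
        # so text a client controls elsewhere in a log line cannot match.
        $5 ~ /^sshd\[[0-9]+\]:$/ &&
        ($6 " " $7 " " $8 " " $9 " " $10 " " $11) == "Did not receive identification string from" {
            ip = $12    # newer sshd appends "port N" after the address; ignored
            # Only a dotted-quad shape is passed on, never arbitrary log text.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# Demo on the constructed sample. On a real host, as root:
#   scan_candidates 3 "192.0.2.99" < /var/log/auth.log | xargs /sbin/pfctl -t BRUTEFORCE -T add
sample_log | scan_candidates 2 "192.0.2.99"
```
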