So, as recommended in another thread, I installed sshguard-pf, using these as resources: http://www.freebsd.org/doc/en/books/handbook/firewalls-pf.html , http://sshguard.sourceforge.net/doc/setup/setup.html , http://sshguard.sourceforge.net/doc/setup/blockingpf.html. As I was setting it up, it seems like the documentation is lacking. I'm not sure if I have everything set up properly, so I would like to show you what I have and ask if it's correct or if I'm missing something.
/etc/pf.conf:
Code:
# $FreeBSD: src/share/examples/pf/pf.conf,v 1.1.2.1.4.1 2008/11/25 02:59:2
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
#ext_if="ext0"
#int_if="int0"
#table <spamd-white> persist
table <sshguard> persist
#set skip on lo
#scrub in
#nat-anchor "ftp-proxy/*"
#rdr-anchor "ftp-proxy/*"
#nat on $ext_if from !($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#no rdr on $ext_if proto tcp from <spamd-white> to any port smtp
#rdr pass on $ext_if proto tcp from any to any port smtp \
# -> 127.0.0.1 port spamd
#anchor "ftp-proxy/*"
#block in
#pass out
#pass quick on $int_if no state
#antispoof quick for { lo $int_if }
#pass in on $ext_if proto tcp to ($ext_if) port ssh
#pass in log on $ext_if proto tcp to ($ext_if) port smtp
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp
block in quick on ral0 proto tcp from <sshguard> label "ssh bruteforce"
/etc/rc.conf:
Code:
pf_enable="YES"
pf_rules="/etc/pf.conf"
pkgs:
Code:
blurr-ink# pkg_info | grep sshguard-pf
sshguard-pf-1.3 Protect hosts from brute force attacks against ssh and othe
blurr-ink# pkg_info|grep pf
qt4-makeqpf-4.4.1 Qt qtopia font creator
sshguard-pf-1.3 Protect hosts from brute force attacks against ssh and othe
Code:
blurr-ink# ps ax | grep sshguard-pf
blurr-ink# ps ax | grep sshguard
41887 ?? Is 0:00.01 /usr/local/sbin/sshguard
blurr-ink# ps ax | grep pf
47 ?? DL 0:31.58 [softdepflush]
39926 ?? DL 0:00.07 [pfpurge]
43436 p0 R+ 0:00.00 grep pf
So, first, is everything running properly? Second, how do I control it, like setting it so it watches proftpd or even webmin, and blacklists the IP and/or hostname from any access? Third, how do I control the number of attempts they have?