Hello,
I am currently running FreeBSD 10 with the pf firewall and sshguard to protect myself against brute force attacks.
/etc/rc.conf
Code:
sshguard_enable="YES"
sshguard_safety_thresh="30"
sshguard_pardon_min_interval="600"
sshguard_prescribe_interval="7200"
I have been reading on the internet that I could achieve the same protection and reduce the number of daemons running on the system by using the PF Stateful Tracking Option (STO).
/etc/pf.conf
Code:
# Stateful tracking options for ssh: sources exceeding max-src-conn or max-src-conn-rate go into <BLOCKTEMP>
SshSTO = "(max 100, source-track rule, max-src-conn 10, max-src-nodes 100, max-src-conn-rate 100/30, overload <BLOCKTEMP> flush global)"
# Drop everything from sources already in the overload table
block drop in log quick on $ExtIf proto tcp from <BLOCKTEMP> to any
pass in log on $ExtIf inet proto tcp from any to ($ExtIf) port ssh $SshSTO
Could anyone advise if this is the case or not, and on the advantages / disadvantages of doing that?
Can I keep my jails protected using STO?
Thank you
Fred
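To make concrete what the posted `max-src-conn-rate 100/30` counts, here is an added example (not part of the original post) that applies a simple sliding-window model of that limit to constructed connection timestamps and reports which sources would be moved into `<BLOCKTEMP>`. The function names, the sample addresses and the 5/30 comparison value are assumptions, and pf's internal accounting may differ from this model.

```python
from collections import defaultdict, deque

def first_overload(events, limit, window):
    """Return {src: timestamp} of the first connection that puts src over
    `limit` connections within `window` seconds (sliding-window model).

    events: iterable of (timestamp_seconds, src_ip), one per completed
    TCP handshake to the ssh port; pf counts connections here, not failed
    logins. Sources that never exceed the limit are absent from the result.
    """
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    tripped = {}
    for ts, src in sorted(events):
        if src in tripped:
            continue              # already in the overload table
        q = recent[src]
        while q and ts - q[0] >= window:
            q.popleft()           # drop connections older than the window
        q.append(ts)
        if len(q) > limit:
            tripped[src] = ts
    return tripped

def build_sample():
    """Constructed traffic using documentation addresses (RFC 5737)."""
    events = []
    # 192.0.2.10: 5 connections per second for 40 s (200 total)
    events += [(i / 5, "192.0.2.10") for i in range(200)]
    # 198.51.100.7: 1 connection per second for 120 s
    events += [(float(i), "198.51.100.7") for i in range(120)]
    # 203.0.113.5: 3 connections spread over 10 minutes
    events += [(t, "203.0.113.5") for t in (0.0, 300.0, 600.0)]
    return events

if __name__ == "__main__":
    sample = build_sample()
    # Limit as posted in the pf.conf above
    print("100/30 (posted):", first_overload(sample, 100, 30))
    # Assumed tighter value, for comparison only
    print("5/30 (assumed):", first_overload(sample, 5, 30))
```

Because the limit counts connections rather than authentication failures, a host that legitimately opens many ssh sessions in a short time is treated the same as any other source once it crosses the threshold.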