I want to setup blacklistd(8) to build database of all failed login attempts and IPFW to block them.
my FreeBSD version:
11.1-RELEASE-p1
The sshd_conf:
The blacklistd.conf
the first question is blacklistd(8):
After running, no failed login attempt blocked (
the nfail never reached maximum value, in case I configure 3 in blacklistd.conf then I will get
The second question is how to configure IPFW to use blacklisted database? I can not see such information from IPFW man page.
my FreeBSD version:
11.1-RELEASE-p1
The sshd_conf:
Code:
MaxAuthTries 3
UseBlacklist yes
Code:
[local]
ssh stream * * * 2 *
After running, no failed login attempt blocked (
blacklistctl dump -b
returns empty). blacklistctl dump
returns something like this:
Code:
address/ma: port id nfail last access
11.11.11.11/32:22 1/2 2017/11/02 12:17:58
Code:
11.11.11.11/32:22 2/3 2017/11/02 11:32:10
The second question is how to configure IPFW to use blacklisted database? I can not see such information from IPFW man page.
Last edited by a moderator: