Hello there,
I have a jail inside a VM. I installed Gitea inside the jail and configured PF (NAT) to forward traffic arriving on port 2000 to port 3000 in the jail (the Gitea web application), and left port 10000 for SSH (for git) inside the jail.
All was okay until recently, when I checked my sshd logs and found that some IPs were repeatedly trying to log in. Although I configured SSH to use keys only, I thought the best course of action was to collect those IPs and block them.
For this I added them to the /etc/badips file, added a table in my pf.conf, and blocked all traffic from or to those IPs.
To make sure it is working, I added my work IP to the /etc/badips file and tested connectivity to the Gitea web app inside the jail. I was expecting not to be able to load the page, yet I am still able to use the web app.
My pf.conf (I know it is not the most secure configuration, but it is a work in progress):
Code:
# Define the interfaces
ext_if = "vtnet0"
int_if = "lo1"
jail_net = $int_if:network
# Define the IP address of the jail and the ports
# (jail side: Gitea listens on 3000; external side: 2000 is exposed on the VM)
git_jail = "192.168.1.1"
git_jail_http_port = "3000"
git_ext_http_port = "2000"
git_jail_ssh_port = "10000"
git_jail_TCP_PORTS = "{ 10000, 3000 }"
# Define the NAT for the jails
nat on $ext_if from $jail_net to any -> ($ext_if)
# Redirect traffic on the external port to the git jail
#rdr pass on $ext_if inet proto tcp to port $git_jail_TCP_PORTS -> $git_jail
rdr pass on $ext_if inet proto tcp from any to any port $git_ext_http_port -> $git_jail port $git_jail_http_port
rdr pass on $ext_if inet proto tcp from any to any port $git_jail_ssh_port -> $git_jail port $git_jail_ssh_port
# Table of blocked addresses, loaded from /etc/badips
table <badhosts> persist file "/etc/badips"
block in quick from <badhosts>
block out quick to <badhosts>
Sample of the content of the /etc/badips file:
Code:
% sudo cat /etc/badips
103.79.141.190
104.163.168.159
111.13.138.175
112.65.130.130
112.65.140.133
113.193.0.206
I tried to display the IPs and check whether my work IP is there:
pfctl -t badhosts -T show
And I can see it:
Code:
# cat /etc/badips | xargs pfctl -t badhosts -Tt
95/95 addresses match.
I must have something wrong, but I couldn't figure out what.
I tried using block on $ext_if and other combinations I found on the internet; nothing worked.
Thanks a lot
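Editor's note with an added example (this ruleset is not from the original post; it reuses the post's macro names, interface names, jail address and ports as given). The reason the table is never consulted is the "pass" modifier on the rdr rules: in pf.conf(5) a translation rule with "pass" passes matching packets without evaluating the filter rules at all, so "block in quick from <badhosts>" never sees the Gitea or SSH traffic. The fix is to drop "pass" from the rdr lines and let the filter rules handle the redirected packets. Because filtering happens after translation, any explicit pass rule must match the jail address, not the external port:

```pf
# Added example (not from the original post): the same ruleset with the
# <badhosts> table actually enforced for the redirected Gitea traffic.
ext_if = "vtnet0"
int_if = "lo1"
jail_net = $int_if:network

git_jail = "192.168.1.1"
git_jail_http_port = "3000"    # Gitea listens here inside the jail
git_ext_http_port  = "2000"    # exposed on the VM's external interface
git_jail_ssh_port  = "10000"
git_jail_TCP_PORTS = "{ 3000, 10000 }"

table <badhosts> persist file "/etc/badips"

nat on $ext_if from $jail_net to any -> ($ext_if)

# Original: rdr pass on $ext_if ... -> $git_jail ...
# With "pass" on a translation rule the redirected packets skip the filter
# rules entirely, so <badhosts> is never checked. Without it they are filtered.
rdr on $ext_if inet proto tcp from any to any port $git_ext_http_port -> $git_jail port $git_jail_http_port
rdr on $ext_if inet proto tcp from any to any port $git_jail_ssh_port -> $git_jail port $git_jail_ssh_port

# Filter rules are evaluated after translation. The "quick" block rules come
# first, so a listed address never reaches the pass rule below.
block in quick on $ext_if from <badhosts>
block out quick on $ext_if to <badhosts>

# The filter sees the translated destination (the jail address and jail port),
# so match on those rather than on the external port.
pass in on $ext_if inet proto tcp from any to $git_jail port $git_jail_TCP_PORTS keep state
```

The only change strictly required is removing "pass" from the two rdr lines; pf passes unmatched packets by default, so the explicit "pass in" rule is there to make the evaluation order visible rather than to change what is allowed. To verify: "pfctl -nf /etc/pf.conf" checks the syntax, "pfctl -f /etc/pf.conf" loads the ruleset (which also reloads the table from the file), "pfctl -t badhosts -T test <work IP>" confirms the address is in the table, and "pfctl -vsr" prints per-rule Evaluations/Packets counters, so the counters on the "block in quick" rule should increase while a connection from the work IP is retried and the Gitea page should no longer load. After editing /etc/badips later, "pfctl -t badhosts -T replace -f /etc/badips" reloads just the table without reloading the rest of the ruleset.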