pf saving into files

Hello,

Reading 'pf' documentation and a few tutorials online I came up with a few simple rules to block ssh-bruteforce attacks. Works fine now but I'd like to be able to 'save' them.

From the manual I read:

* persist - causes the kernel to keep the table in memory even when no rules
refer to it. Without this attribute, the kernel will automatically remove
the table when the last rule referencing it is flushed.


This is related to memory and the kernel. What I'd like to do is save the banned IPs to a file and load this file on boot. To load this file into the table I came up with

Code:
table <sshbf> persist file "/etc/ssh/pf_banned_ips"

but in order to 'save' the newly added IPs to 'pf_banned_ips', do I have to write a script on my own, or can pf somehow handle this?

Thanks
 
SirDice said:
I suggest using something like security/sshguard-pf or security/py-fail2ban.

I used to run fail2ban, and even wrote a Ruby script to get some stats. I know how effective it is; however, my server is an embedded RDC system with just 512 MB of RAM.

I'd like to save as much RAM as possible. pf already runs and does a good job of blocking IPs, so I don't need another process running. I can always write a Ruby script to check 5/6 times per day and update the file... But I'd like to know if there's a native way to do it.

Thanks
 
Code:
table <permablock> persist file "/etc/pf.permablock"
...
block in quick on $ext_if from <permablock> to any

Addresses or CIDR ranges can be added to the file with a text editor, but (I think) should not be done when pf is running.

Code:
# pfctl -t permablock -T add ...

should work, but I have not tried that with a persistent file.

This is used for certain relentless sources of spam or other types of network abuse.
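Since pf itself never writes a table back to its file, a save step has to be scripted. The script below is an added example, not code from anyone in this thread: it merges the kernel's live `<sshbf>` table (as printed by `pfctl -T show`) into the file named in the first post, so the `persist file` declaration reloads the addresses on the next boot or `pfctl -f`. The table name and file path come from the original post; the `save` subcommand, the function names and the constructed test input are assumptions of this example.

```shell
#!/bin/sh
# Added example: persist the live pf table to the file its rule loads from.
# Assumes /etc/pf.conf contains:  table <sshbf> persist file "/etc/ssh/pf_banned_ips"
TABLE=sshbf
FILE=/etc/ssh/pf_banned_ips

# merge_entries SAVED_FILE SHOW_OUTPUT
# Print the union of the addresses already in SAVED_FILE and those in the
# text of `pfctl -t $TABLE -T show` (which indents each address with spaces),
# one per line, comments and blank lines dropped, duplicates removed.
merge_entries() {
    { [ -f "$1" ] && cat "$1"; printf '%s\n' "$2"; } \
        | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -v '^$' | sort -u
}

# save_table
# Rewrite FILE atomically from the kernel's current table contents. Only the
# file changes; the in-kernel table is untouched, so this is safe while pf runs.
save_table() {
    live=$(pfctl -t "$TABLE" -T show)
    tmp=$(mktemp "$FILE.XXXXXX") || exit 1
    merge_entries "$FILE" "$live" > "$tmp" && mv "$tmp" "$FILE"
}

case "${1:-}" in
    save) save_table ;;
    *) echo "usage: $0 save" >&2 ;;
esac
```

Run it as `sh save_table.sh save` from cron a few times a day; addresses removed from the kernel table by `pfctl -T delete` stay in the file until you edit it, which matches the "permanent ban" use described above.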
 