Securing SSH

Hi All,
I am trying to secure my SSH Server, restricting by country. I am using a script that gives a different exit status depending on whether or not there is an allow or deny. The instruction says I should use SSHD : ALL : aclexec /path/to/my/script in hosts.allow file. This isn't working. Seems it isn't supported. Does FreeBSD have anything similar or a patch that allows the aclexec option? Thanks for any assistance.
 
Which instructions are you referring to?

From what I can gather from hosts_access(5), there is no aclexec option. Then again, that file seems to support domain wildcards, which should address what you're attempting to do, doesn't it?
 
It may to a very limited extent, but since I want to block an entire country or countries, I don't think domain wildcards would suffice.
 
I found a solution for this. I edited the script to add the offending IPs to a PF Firewall table instead. It does what I want now. Not sure if anyone else would need to do something like this but I can post the script if anyone needs it. Thanks so much for the replies though.
 
Thanks for sharing!
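
For readers who land here: a sketch of the PF-table approach described above, as an added example (not the poster's script, which was never posted). The table name `sshblock`, the allowed-country list, the use of geoiplookup(1) for the lookup, and the choice not to block addresses with no country are all assumptions.

```shell
#!/bin/sh
# pf.conf side (table name "sshblock" is an assumption):
#   table <sshblock> persist
#   block in quick proto tcp from <sshblock> to any port 22

ALLOWED="${ALLOWED:-US CA}"   # constructed sample policy: allowed country codes
TABLE="${TABLE:-sshblock}"    # hypothetical PF table name
DRY_RUN="${DRY_RUN:-1}"       # 1 = print the pfctl commands instead of running them

# Two-letter country code for an address, empty if the lookup has no answer.
# Assumes geoiplookup(1) from the GeoIP package; swap in any other lookup.
country_of() {
    geoiplookup "$1" 2>/dev/null |
        sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z]\),.*/\1/p' | head -n 1
}

# IPv4 character whitelist only: keeps shell metacharacters away from pfctl.
valid_ip() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    return 0
}

# Add the address to the table; existing states are killed as well, because a
# table entry alone does not drop connections that are already established.
block_ip() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "pfctl -t $TABLE -T add $1"
        echo "pfctl -k $1"
    else
        pfctl -q -t "$TABLE" -T add "$1" && pfctl -q -k "$1"
    fi
}

# Exit status 0 = allow, 1 = deny, matching the allow/deny contract in the thread.
check_ip() {
    valid_ip "$1" || return 1
    cc="$(country_of "$1")"
    # No country (private/LAN ranges, lookup failure): do not block, to avoid lockout.
    [ -n "$cc" ] || return 0
    case " $ALLOWED " in
        *" $cc "*) return 0 ;;
    esac
    block_ip "$1"
    return 1
}
```

Run it with DRY_RUN=1 first and check the printed commands before letting it touch the live table; `pfctl -t sshblock -T show` lists what has been added.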
 