Re: IP Banning (Using IPFW)
- From: Philip Hallstrom <freebsd@xxxxxxxxxxxxxxx>
- Date: Sun, 5 Feb 2006 14:21:37 -0600 (CST)
I was wondering if there's some sort of port available that can actively ban IPs that try and bruteforce a service such as SSH or Telnet, by scanning the /var/log/auth.log log for Regex such as "Illegal User" or "LOGIN FAILURES", and then using IPFW to essentially deny (ban) that IP for a certain period of time or possibly forever.
I've seen a very useful one that works for linux (fail2ban), and was wondering if one exists for FreeBSD's IPFW?
There are some in the ports, but you can write your own pretty easy too. The one thing I didn't like about the ones in the ports is the app was responsible for removing the rules after a set amount of time. Which could be a problem if that app crashed for some reason. You could lock yourself out permanently...
Here's a quick perl script I wrote that does what you want...
http://pastebin.com/540575
Combine that with these two crontab entries:
0-59/4 * * * * /sbin/ipfw delete 501 >/dev/null 2>&1
2-59/4 * * * * /sbin/ipfw delete 500 >/dev/null 2>&1
-philip
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- References:
- IP Banning (Using IPFW)
- From: Michael A. Alestock
- IP Banning (Using IPFW)
- Prev by Date: Gnome port
- Next by Date: Re: ng_one2many v.s. AFT (NIC Fault Tolerance/Fail Over/Redundancy Revisited)
- Previous by thread: IP Banning (Using IPFW)
- Next by thread: RE: IP Banning (Using IPFW)
- Index(es):
Relevant Pages
|
