From: Richard J. <rjt...@sa...> - 2013-04-17 22:36:54
On Wed, Apr 17, 2013 at 11:59:06PM +0200, Laurent Alebarde wrote:
> Thanks Richard. Could you elaborate a bit more please for the pf &
> networking newbie I am?

A typical basic pf.conf will say:

    block
    pass out

That blocks with ICMP or TCP RST reply all inbound traffic, except traffic which matches a state table entry created by the 'pass out' rule (in other words, replies to connections you make outbound from your system).

Add anywhere in that rule set:

    block drop in log quick proto tcp from <sshguard> to any

sshguard will use the <sshguard> table when it finds an IP doing something it considers unfriendly. That rule will silently block all inbound TCP from a bad IP, except for replies to connections you make outbound from your system.

For more, see the sshguard.net web site, which refers to the pf man pages and instructions.

Good luck!

Richard
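An added illustration, not part of the message above: a simplified Python model of pf's evaluation order (state lookup first, then last-match-wins unless a rule is marked quick), run over the three rules from the message with the sshguard rule at each position. The class and function names are hypothetical, the addresses are constructed documentation addresses, and states are keyed without ports to keep the model short.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    text: str              # the pf.conf line this models
    action: str            # "block" or "pass"
    direction: str = ""    # "in" or "out"; "" matches both
    proto: str = ""        # "" matches any protocol
    table: str = ""        # source must be in this table; "" matches any
    quick: bool = False

BLOCK = Rule("block", "block")
PASS_OUT = Rule("pass out", "pass", direction="out")
GUARD = Rule("block drop in log quick proto tcp from <sshguard> to any",
             "block", direction="in", proto="tcp", table="sshguard", quick=True)

class Pf:
    def __init__(self, rules, tables):
        self.rules, self.tables, self.states = rules, tables, set()

    def decide(self, direction, proto, src, dst):
        """Return (action, text of the deciding rule) for one packet."""
        # The state table is consulted before the rule set (ports omitted).
        if (proto, src, dst) in self.states:
            return ("pass", "state")
        hit = None
        for r in self.rules:
            if ((not r.direction or r.direction == direction)
                    and (not r.proto or r.proto == proto)
                    and (not r.table or src in self.tables[r.table])):
                hit = r                  # last matching rule wins ...
                if r.quick:
                    break                # ... unless it is marked quick
        if hit is None:
            return ("pass", "default")   # pf passes what no rule matches
        if hit.action == "pass":         # pass rules keep state by default
            self.states |= {(proto, src, dst), (proto, dst, src)}
        return (hit.action, hit.text)

ME, BAD = "192.0.2.10", "203.0.113.7"    # constructed sample addresses

def trace(rules):
    pf = Pf(rules, {"sshguard": {BAD}})
    return [pf.decide("in", "tcp", BAD, ME),    # unsolicited, from listed IP
            pf.decide("out", "tcp", ME, BAD),   # we connect out to it
            pf.decide("in", "tcp", BAD, ME)]    # its reply to our connection

if __name__ == "__main__":
    for rules in ([GUARD, BLOCK, PASS_OUT], [BLOCK, GUARD, PASS_OUT],
                  [BLOCK, PASS_OUT, GUARD]):
        print(trace(rules))
```

In this model all three placements give the same trace, which is why the rule can go anywhere among these two non-quick rules; in a larger rule set an earlier quick rule that matches the same packet would be the one that decides.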