setup a deny list for service - BSD



Thread: setup a deny list for service

  1. setup a deny list for service


    hi all,

    I have a 3.6 box that works as my main firewall; I use fwbuilder to generate
    the pf config and so far no problem at all.

    Now I have a script that checks the logs and catches unauthorized login
    attempts like password brute force on ssh; that script generates an ASCII
    list of hosts that I need to cut off at the fw.

    Is there a way to set up pf to deny all incoming from hosts listed in a file?

    Now I update the list every week, but it's annoying......

    thanks.

    --
    Lepers are very generous. Ask them for a hand, and they give you the whole
    arm!
    -- From it.hobby.umorismo


  2. Re: setup a deny list for service

    nero wrote:
    > hi all,
    >
    > I have a 3.6 box that works as my main firewall; I use fwbuilder to generate
    > the pf config and so far no problem at all.
    >
    > Now I have a script that checks the logs and catches unauthorized login
    > attempts like password brute force on ssh; that script generates an ASCII
    > list of hosts that I need to cut off at the fw.
    >
    > Is there a way to set up pf to deny all incoming from hosts listed in a file?


    I think this may help you, from man pf.conf:

    A table can also be initialized with an address list specified in one
    or more external files, using the following syntax:

    table <spammers> persist file "/etc/spammers" file "/etc/openrelays"
    block on fxp0 from <spammers> to any

    The files /etc/spammers and /etc/openrelays list IP addresses, one per
    line. Any lines beginning with a # are treated as comments and ignored.


    John
    --
    The well-known feet of pythons.
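    Putting John's pf.conf excerpt together with the poster's log-scanning script, here is an
    added example (not code from the thread or from the pf project) that builds the table file
    from sshd "Failed password" lines and pushes it into the running table with pfctl. The table
    name bruteforce, the file path /etc/pf.bruteforce, the interface macro $ext_if and the
    failure threshold are assumptions; the log lines are constructed samples using RFC 5737
    test addresses.

    ```shell
    #!/bin/sh
    # Added example (not from the thread): turn sshd "Failed password" log lines
    # into a pf table file and push it into the live table with pfctl.
    #
    # Assumed pf.conf fragment (table name, file and interface are placeholders):
    #   table <bruteforce> persist file "/etc/pf.bruteforce"
    #   block in quick on $ext_if from <bruteforce> to any
    #
    # The file is read when the ruleset is loaded (pfctl -f /etc/pf.conf);
    # "pfctl -t bruteforce -T replace -f FILE" swaps the table contents in place
    # without reloading the rest of the ruleset.

    # Constructed sample of sshd log lines (not a real capture).
    write_sample_log() {
        cat > "$1" <<'EOF'
    Jan  5 10:01:02 fw sshd[1234]: Failed password for root from 192.0.2.10 port 51122 ssh2
    Jan  5 10:01:05 fw sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51130 ssh2
    Jan  5 10:01:09 fw sshd[1240]: Failed password for root from 192.0.2.10 port 51140 ssh2
    Jan  5 10:02:00 fw sshd[1250]: Failed password for alice from 198.51.100.7 port 40000 ssh2
    Jan  5 10:02:30 fw sshd[1255]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
    Jan  5 10:04:00 fw sshd[1270]: Failed password for root from 203.0.113.5 port 1234 ssh2
    Jan  5 10:04:01 fw sshd[1271]: Failed password for root from 203.0.113.5 port 1235 ssh2
    Jan  5 10:04:02 fw sshd[1272]: Failed password for root from 203.0.113.5 port 1236 ssh2
    Jan  5 10:05:00 fw sshd[1280]: Failed password for root from not-an-address port 1 ssh2
    EOF
    }

    # Print, one per line and sorted, every source address with at least $2
    # failed password attempts in log file $1. Only dotted-quad addresses are
    # accepted so a malformed log line cannot inject garbage into the table.
    offenders_from_log() {
        awk -v limit="$2" '
            /sshd\[[0-9]+\]: Failed password for / {
                ip = ""
                for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
                if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) fails[ip]++
            }
            END { for (ip in fails) if (fails[ip] >= limit) print ip }
        ' "$1" | sort
    }

    # Write the table file ($3) from log $1 with threshold $2. pf ignores lines
    # starting with "#", so a header records when and how the list was made.
    # The file is written to a scratch name and renamed so pfctl never reads a
    # half-written list.
    build_table_file() {
        scratch="$3.tmp.$$"
        {
            echo "# pf table: hosts with >= $2 failed ssh logins"
            echo "# generated $(date -u +%Y-%m-%dT%H:%M:%SZ) by $0"
            offenders_from_log "$1" "$2"
        } > "$scratch" && mv "$scratch" "$3"
    }

    # Replace the contents of pf table $1 with the addresses in file $2.
    # Skipped when pfctl is absent so the script can be dry-run elsewhere.
    reload_table() {
        if command -v pfctl >/dev/null 2>&1; then
            pfctl -t "$1" -T replace -f "$2"
        else
            echo "pfctl not available; table $1 would be replaced from $2" >&2
        fi
    }

    # Usage: sh pf-denylist.sh LOGFILE THRESHOLD TABLEFILE TABLENAME
    #        sh pf-denylist.sh           (no arguments: run on the sample log)
    main() {
        if [ "$#" -eq 4 ]; then
            build_table_file "$1" "$2" "$3" && reload_table "$4" "$3"
        else
            work=$(mktemp -d)
            write_sample_log "$work/authlog"
            build_table_file "$work/authlog" 3 "$work/pf.bruteforce"
            cat "$work/pf.bruteforce"
            rm -r "$work"
        fi
    }
    main "$@"
    ```

    Run from cron with the real log (on OpenBSD, /var/log/authlog) and the table name from
    pf.conf, and the weekly manual update goes away. With the sample log and a threshold of 3,
    192.0.2.10 and 203.0.113.5 end up in the table; 198.51.100.7 (one failure, then a
    successful key login) does not. Putting the poster's own management addresses in a
    separate table that is matched before <bruteforce> keeps a mistyped password from
    locking the administrator out.
    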

  3. Re: setup a deny list for service

    Hi,

    Use deny by default, and later configure incoming rules.

    block all

    You can also use log in this rule for troubleshooting:

    block log all

    later use tcpdump to debug.

    - Mike

    nero wrote:
    > hi all,
    >
    > I have a 3.6 box that works as my main firewall; I use fwbuilder to generate
    > the pf config and so far no problem at all.
    >
    > Now I have a script that checks the logs and catches unauthorized login
    > attempts like password brute force on ssh; that script generates an ASCII
    > list of hosts that I need to cut off at the fw.
    >
    > Is there a way to set up pf to deny all incoming from hosts listed in a file?
    >
    > Now I update the list every week, but it's annoying......
    >
    > thanks.
    >


  4. Re: setup a deny list for service

    John Ferguson wrote:

    > I think this may help you, from man pf.conf:

    ....
    > line. Any lines beginning with a # are treated as comments and ignored.


    thanks, I will try.

    --
    Crazed carpenter throws a saw at a passer-by.

