setup a deny list for service - BSD
-
setup a deny list for service
Hi all,
I have a 3.6 box that works as my main firewall. I use fwbuilder to generate
the pf config, and so far no problem at all.
Now I have a script that checks the logs and catches unauthorized login tries, like
password brute force on ssh; that script generates an ASCII list of hosts
that I need to cut off at the fw.
Is there a way to set up pf to deny all incoming traffic from the hosts listed in a file?
Right now I update the list every week, but it's annoying......
Thanks.
--
Lepers are very generous. Ask them for a hand, and they give you the whole
arm!
-- From it.hobby.umorismo
-
Re: setup a deny list for service
nero wrote:
> Hi all,
>
> I have a 3.6 box that works as my main firewall. I use fwbuilder to generate
> the pf config, and so far no problem at all.
>
> Now I have a script that checks the logs and catches unauthorized login tries, like
> password brute force on ssh; that script generates an ASCII list of hosts
> that I need to cut off at the fw.
>
> Is there a way to set up pf to deny all incoming traffic from the hosts listed in a file?
I think this may help you, from man pf.conf:

    A table can also be initialized with an address list specified in one
    or more external files, using the following syntax:

        table <spammers> persist file "/etc/spammers" file "/etc/openrelays"
        block on fxp0 from <spammers> to any

    The files /etc/spammers and /etc/openrelays list IP addresses, one per
    line. Any lines beginning with a # are treated as comments and ignored.
John
--
The well-known feet of pythons.
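To go with the man page excerpt above, here is an added example (not from the thread or from the pf project) of how the log-scanning script could feed a file-backed table and refresh it in the running pf with "pfctl -T replace" instead of reloading the whole ruleset. The table name "badhosts", the file path /etc/pf.badhosts and the sanitize step are my assumptions; the pf.conf lines in the comment are the assumed rule set.

```shell
#!/bin/sh
# Added example: keep a pf table in sync with the host list written by a
# log-scanning script. Assumed pf.conf lines (table name and path assumed):
#   table <badhosts> persist file "/etc/pf.badhosts"
#   block in quick on fxp0 from <badhosts> to any
#
# Entries that are not a bare IPv4 address or an IPv4/CIDR prefix are dropped,
# so one stray hostname or malformed line cannot make pfctl reject the whole
# file. Comments ("# ...") and blank lines are ignored, as pf itself does.

BADHOSTS_FILE="${BADHOSTS_FILE:-/etc/pf.badhosts}"   # assumed path
TABLE="badhosts"                                      # assumed table name

# sanitize_blocklist: read candidate entries on stdin; print only valid,
# deduplicated IPv4 addresses / prefixes, one per line.
sanitize_blocklist() {
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' |
    awk -F'[./]' '{
        ok = 1
        for (i = 1; i <= 4; i++) if ($i > 255) ok = 0   # octet range
        if (NF == 5 && $5 > 32) ok = 0                  # prefix length
        if (ok && !seen[$0]++) print                    # drop duplicates
    }'
}

# reload_table: rebuild the table file from a raw list ($1) and swap the
# table contents in the running pf; rules are left untouched.
reload_table() {
    raw="$1"
    sanitize_blocklist < "$raw" > "$BADHOSTS_FILE.tmp" || return 1
    mv "$BADHOSTS_FILE.tmp" "$BADHOSTS_FILE"
    pfctl -t "$TABLE" -T replace -f "$BADHOSTS_FILE"
}
```

Call reload_table on the script's output file from cron or at the end of the log-scanning script; pfctl -T replace only changes the table, so the rest of the fwbuilder-generated ruleset stays loaded.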
-
Re: setup a deny list for service
Hi,
Use deny by default, and later configure incoming rules:
    block all
so you can use log for troubleshooting in this rule:
    block log all
Later, use tcpdump for debugging.
- Mike
nero wrote:
> Hi all,
>
> I have a 3.6 box that works as my main firewall. I use fwbuilder to generate
> the pf config, and so far no problem at all.
>
> Now I have a script that checks the logs and catches unauthorized login tries, like
> password brute force on ssh; that script generates an ASCII list of hosts
> that I need to cut off at the fw.
>
> Is there a way to set up pf to deny all incoming traffic from the hosts listed in a file?
>
> Right now I update the list every week, but it's annoying......
>
> Thanks.
>
-
Re: setup a deny list for service
John Ferguson wrote:
> I think this may help you, from man pf.conf:
....
> line. Any lines beginning with a # are treated as comments and ignored.
Thanks, I will try.
--
A crazed carpenter throws a saw at a passer-by.