On 2009-12-19 (Sat) at 03:38:26 -0900, Mel Flynn wrote:
> Well, my first problem with it is obviously that I now need python, where I
> don't want python. In fact, my firewalls/gateways only have /bin/sh and
> /bin/csh as scripting languages. It's one reason I switched from custom
> sysutils/grok rules to using security/sshguard - it got me rid of perl.

That makes sense -- I'm using it on a general purpose server as opposed to a
dedicated firewall box.

> Secondly, you have matching rules coded in the script. If there would be one
> reason to prefer this script over sshguard, it would be that I can add attack
> patterns more easily, in config file with a syntax that's not too obscure.

Interesting thought, I will definitely make the matching rules configurable
and potentially make it possible to monitor multiple logfiles for attack
patterns (potentially configurable per-logfile).

> Last but not least, you assume that once an IP is at fault, I want that IP
> blocked permanently. In practice you end up with an extremely large table
> that might eventually be too big for a default PF table and recurring scans
> from the same IP are not that common (you see the IP in a 12-24 hour window,
> then not again).

You've misread the script. IPs are expired after a configurable number of
seconds.

> Hope this helps.

Thanks kindly for the feedback!

--Brandon