On 4/8/23 12:47 AM, Andrea Venturoli wrote:
On 4/8/23 04:56, Mel Pilgrim wrote:
Can anyone suggest something equivalent in the port tree?
Have a look at fail2ban. It's design intent is monitoring running
services, but really it's just a set of log file regex filters.
Anything that logs network activity can feed it.
Hello and thanks for answering.
In fact I'm already using fail2ban for "running" services.
Portsenty is a bit different, in that it's conceived to listen on
ports used by non-running services.
I.e.
Got a SMTP server? Let fail2ban check its logs.
No? Let portsentry listen on port 25.
I thought about writing regexes for fail2ban to check if ipfw denied
access to ports where portsentry used to listen.
So far it's the best idea I've come up with, but I hoped for something
simpler (i.e. more close to how portsentry worked).
would blacklistd(8) meet your requirements? i use it to block ssh login
spammers with decent success. its part of the base system as well, but
does require pf.
-p
