On Thu, 25 Mar 2021 at 19:45, Kapetanakis Giannis wrote:
>
> How about a distributed setup?
>
> Has anyone thought of a way getting IPs from various servers (say linux
> & fail2ban) to the central OpenBSD (pf) firewall?
I send all my logs to a centralised syslog which runs fail2ban, and
instea
Hello,
I've built a python3 daemon which looks for specific patterns in any log file.
For each of those patterns you assign a weight. Once the max weight is reached
in a period of time the associated IP is added to a pf table for a certain
amount of time (1 day typically but can be changed).
You
hi
you can do this with ossec.net
holger
On 25.03.21 at 18:00, Kapetanakis Giannis wrote:
How about a distributed setup?
Has anyone thought of a way getting IPs from various servers (say
linux & fail2ban) to the central OpenBSD (pf) firewall?
Ideally with history in order to punish mor
On 2021-03-25, Kapetanakis Giannis wrote:
> How about a distributed setup?
Not on OpenBSD yet but there is "crowdsec"
On 3/25/21 7:00 PM, Kapetanakis Giannis wrote:
[snip]
> I had plans on looking to bgp to distribute the IPs around but maybe
> there is already a better way doing this.
[snip]
I read this one a while back:
"Using OpenBGPD to distribute pf table updates to your servers"
https://www.echothrust.com/b
On Thu, 25 Mar 2021 19:00:52 +0200, Kapetanakis Giannis
wrote:
> How about a distributed setup?
>
> Has anyone thought of a way getting IPs from various servers (say
> linux & fail2ban) to the central OpenBSD (pf) firewall?
>
> Ideally with history in order to punish more the frequent abusers.
How about a distributed setup?
Has anyone thought of a way getting IPs from various servers (say linux
& fail2ban) to the central OpenBSD (pf) firewall?
Ideally with history in order to punish more the frequent abusers.
I had plans on looking to bgp to distribute the IPs around but maybe
the
You could try this: https://github.com/mpfr/pftbld
It uses pf tables instead of anchors to achieve the same goal.
Handling sshd abusers may be accomplished by first using pf source-tracking
to catch them. For example:
-
table persist
block in quick from
pass in on egress proto tcp to egres
Hello,
Why not just use a script that reads auth logs and adds abusive hosts to
pf table using some patterns?
And you then decide what to do with addresses in that table and how long
should they stay in that table.
user~$ pfctl -t bad_ips -T show | wc -l
69079
24.03.2021 21:33, jeanpierre п
On 2021-03-24, jeanpierre wrote:
> Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon?
>
> For the sake of completeness: blacklistd is a daemon that, using pf
> anchors, blocks connections from abusive hosts to particular services
> (e.g. sshd) until they start behaving themselve
On 3/24/21 11:48 AM, Peter Nicolai Mathias Hansteen wrote:
>> On 24 Mar 2021 at 19:33, jeanpierre wrote:
>>
>> Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon?
>>
>> For the sake of completeness: blacklistd is a daemon that, using pf
>> anchors, blocks connections from ab
> On 24 Mar 2021 at 19:33, jeanpierre wrote:
>
> Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon?
>
> For the sake of completeness: blacklistd is a daemon that, using pf
> anchors, blocks connections from abusive hosts to particular services
> (e.g. sshd) until they star
On Wed, Mar 24, 2021 at 08:33:35PM +0200, jeanpierre wrote:
> Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon?
>
> For the sake of completeness: blacklistd is a daemon that, using pf
> anchors, blocks connections from abusive hosts to particular services
> (e.g. sshd) until th
Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon?
For the sake of completeness: blacklistd is a daemon that, using pf
anchors, blocks connections from abusive hosts to particular services
(e.g. sshd) until they start behaving themselves again.
I find it very useful for timming
14 matches