<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i>Hi,</i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i><br></i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i>I am interested in this topic. </i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i><br></i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i>But IMHO, I think it will be good to use IPFW, because we can use "dynamic rule" to block the traffic, and each "dynamic rule" should have its own expiry. </i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i><br></i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i>So this sshlockout just needs to monitor the ssh log and determine when and how to insert a correct "dynamic rule".</i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i><br></i></div><div class="gmail_default"><i><font color="#674ea7" face="verdana, sans-serif">Any suggestions?</font></i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i><br></i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#674ea7"><i><br></i></div><div class="gmail_default"><i style="color:rgb(103,78,167)"><font face="verdana, sans-serif">Regards,</font></i><br></div><div class="gmail_extra"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><span style="color:rgb(103,78,167)"><i><font style="background-color:rgb(255,255,255)" face="verdana, sans-serif">Bill Yuan</font></i></span></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 1 January 2015 at 11:24, Matthew Dillon <span dir="ltr">&lt;<a href="mailto:dillon@crater.dragonflybsd.org" target="_blank">dillon@crater.dragonflybsd.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
commit a4ac8286be21b1495af8ec1db83271dacaa79556<br>
Author: Matthew Dillon &lt;<a href="mailto:dillon@apollo.backplane.com">dillon@apollo.backplane.com</a>&gt;<br>
Date: Wed Dec 31 19:21:47 2014 -0800<br>
<br>
sshlockout - Add sshlockout utility<br>
<br>
* Add sshlockout utility, typically set up as a syslog pipe. This utility<br>
monitors for failed ssh login attempts and excessive preauth failures<br>
and will add a rule via IPFW to block the originating IP.<br>
<br>
The operator also typically sets up a cron job to clean out the IPFW rules<br>
that have accumulated once a day.<br>
<br>
* See man page for details. Still under construction (feel free to submit<br>
additional features).<br>
<br>
TODO - IPV6<br>
<br>
TODO - Use a PF table instead of IPFW, which will greatly improve<br>
performance if a lot of rules have to be added.<br>
<br>
Summary of changes:<br>
usr.sbin/Makefile | 1 +<br>
usr.sbin/sshlockout/Makefile | 6 +<br>
.../monitor.1 => usr.sbin/sshlockout/sshlockout.8 | 72 +++---<br>
usr.sbin/sshlockout/sshlockout.c | 279 +++++++++++++++++++++<br>
4 files changed, 327 insertions(+), 31 deletions(-)<br>
create mode 100644 usr.sbin/sshlockout/Makefile<br>
copy usr.bin/monitor/monitor.1 => usr.sbin/sshlockout/sshlockout.8 (60%)<br>
create mode 100644 usr.sbin/sshlockout/sshlockout.c<br>
<br>
<a href="http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a4ac8286be21b1495af8ec1db83271dacaa79556" target="_blank">http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a4ac8286be21b1495af8ec1db83271dacaa79556</a><br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
DragonFly BSD source repository<br>
</font></span></blockquote></div><br></div></div>
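The log-monitoring step described in the commit message, combined with the per-entry expiry suggested in the reply, as an added example that is not sshlockout's own code. The threshold, the expiry time, all names and the sample log lines are assumptions made for illustration; the firewall call itself is left to the caller.

```python
import ipaddress
import re

THRESHOLD = 5        # assumed: failures before a block is requested
EXPIRY_SECS = 3600   # assumed: lifetime of each block entry
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# The user name is remote-supplied text, so only the final "from <ip> port <n>" counts.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from " + IP + r" port \d+(?: ssh2)?$")
PREAUTH = re.compile(r"sshd\[\d+\]: Received disconnect from " + IP + r"[: ].*\[preauth\]$")

FAIL_LINE = "Jan  1 11:24:00 host sshd[101]: Failed password for root from 192.0.2.10 port 4242 ssh2"
SAMPLE = [FAIL_LINE] * 5 + [  # constructed log lines, not taken from a real system
    "Jan  1 11:25:00 host sshd[102]: Accepted password for bill from 198.51.100.7 port 5022 ssh2",
    "Jan  1 11:25:01 host sshd[103]: Received disconnect from 203.0.113.9: 11: Bye Bye [preauth]",
]

def source_ip(line):
    """Return the peer IPv4 address of a failure line, or None."""
    m = FAILED.search(line) or PREAUTH.search(line)
    try:
        return str(ipaddress.IPv4Address(m.group(1))) if m else None
    except ValueError:
        return None

class Lockout:
    def __init__(self):
        self.fails = {}      # ip -> failure count
        self.blocked = {}    # ip -> expiry time; each block expires on its own

    def observe(self, line, now):
        """Feed one log line seen at `now`; return an IP to block, or None."""
        self.blocked = {ip: t for ip, t in self.blocked.items() if t > now}
        ip = source_ip(line)
        if ip is None or ip in self.blocked:
            return None
        self.fails[ip] = self.fails.get(ip, 0) + 1
        if self.fails[ip] < THRESHOLD:
            return None
        del self.fails[ip]
        self.blocked[ip] = now + EXPIRY_SECS
        return ip            # the caller would add the firewall rule here

def demo():
    lk = Lockout()
    hits = (lk.observe(line, 1000 + i) for i, line in enumerate(SAMPLE))
    return [ip for ip in hits if ip]

if __name__ == "__main__":
    print(demo())
```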