<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(103,78,167)"><i>The IP address will be blocked from creating new SSH connections for 10 minutes if the IP failed to log in 3 times within 5 minutes.</i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(103,78,167)"><i><br></i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(103,78,167)"><i>I think it should be the requirement.</i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(103,78,167)"><br></div><div class="gmail_default"><i><font color="#674ea7" face="verdana, sans-serif">I used to resolve this with a very simple Perl script; I named that script "stack.pl". tail and other commands can print the IP address from the log file, and the IP address is piped into stack.pl.</font></i></div><div class="gmail_default"><i><font color="#674ea7" face="verdana, sans-serif"><br></font></i></div><div class="gmail_default"><i><font color="#674ea7" face="verdana, sans-serif">stack.pl checks/maintains the mapping of TIME=>IP and calls a command to block the IP, and at that time I used a cron job to remove the IP from iptables.</font></i></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(103,78,167)"><i><br></i></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><span style="color:rgb(103,78,167)"><i><font face="verdana, sans-serif">Regards,</font></i><br></span></div><div><span style="color:rgb(103,78,167)"><i><font style="background-color:rgb(255,255,255)" face="verdana, sans-serif">Bill Yuan</font></i></span></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 21 January 2015 at 15:23, Matthew Dillon <span dir="ltr"><<a href="mailto:dillon@backplane.com" target="_blank">dillon@backplane.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">It would be a bad idea to allow arbitrary commands to be executed. That opens up a whole slew of possible breakages and security issues. I don't mind there being options to add specifically to IPFW or PF (as long as PF is the default), and I don't mind there being an option to be able to specify the IPFW rule when in IPFW mode. But we should not get too fancy.<br><br>I'm running the PF version on most of the production blades and my home machines now. It's a pretty good test because they usually accumulate ~20-30 different IPs a day or more. kronos has already locked out 9.<br><div><br>-Matt<br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 20, 2015 at 6:52 AM, bycn82 <span dir="ltr"><<a href="mailto:bycn82@gmail.com" target="_blank">bycn82@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(103,78,167)"><i>I recommend using this feature in ipfw because deleting IPs using crontab does not sound good to me.</i></div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><span style="color:rgb(103,78,167)"><i><font face="verdana, sans-serif">Regards,</font></i><br></span></div><div><span style="color:rgb(103,78,167)"><i><font style="background-color:rgb(255,255,255)" face="verdana, sans-serif">Bill Yuan</font></i></span></div></div></div></div></div></div></div></div></div></div><div><div>
<br><div class="gmail_quote">On 19 January 2015 at 17:51, Michael Neumann <span dir="ltr"><<a href="mailto:mneumann@ntecs.de" target="_blank">mneumann@ntecs.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
On 18.01.2015 at 12:31, bycn82 wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
I just implemented a feature which can work nicely with your sshlockout.<br>
You can manually insert a state as below and the state will be maintained<br>
by ipfw itself.<br>
<br>
ipfw state add rulenum 100 udp 192.168.1.1:0 8.8.8.8:53 expiry +600<br>
<br>
so you don't need to implement the logic to maintain the IP addresses or<br>
configure any crontab to remove them.<br>
</blockquote>
<br>
Cool!<br>
<br>
I think I will extend sshlockout so that it runs arbitrary commands.<br>
<br>
At the moment you run:<br>
<br>
sshlockout lockout<br>
<br>
which would then be equal to:<br>
<br>
sshlockout "pfctl -tlockout -Tadd %s"<br>
<br>
So it will work with ipfw:<br>
<br>
sshlockout "ipfw state add rulenum 100 udp 192.168.1.1:0 %s:53 expiry +600"<br>
<br>
What do you think?<br>
<br>
Regards,<br>
<br>
Michael<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Different states can have different expiry or "life time".<br>
<br>
Any comment?<br>
<br>
Regards,<br>
Bill Yuan<span><br>
<br>
On 14 January 2015 at 02:25, Michael Neumann<br>
<<a href="mailto:mneumann@crater.dragonflybsd.org" target="_blank">mneumann@crater.dragonflybsd.org</a>> wrote:<br></span><span>
<br>
<br>
commit ed17c1722f7702eb6422f73152c0091819a1900f<br></span>
Author: Michael Neumann <<a href="mailto:mneumann@ntecs.de" target="_blank">mneumann@ntecs.de</a>><span><br>
Date: Tue Jan 13 13:04:29 2015 +0100<br>
<br>
sshlockout - use a PF table instead of IPFW<br>
<br>
Summary of changes:<br>
usr.sbin/sshlockout/sshlockout.8 | 27 +++++++++++-------<br>
usr.sbin/sshlockout/sshlockout.c | 59 +++++++++++++++++++++++++++-------------<br>
2 files changed, 57 insertions(+), 29 deletions(-)<br>
<br>
<a href="http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ed17c1722f7702eb6422f73152c0091819a1900f" target="_blank">http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ed17c1722f7702eb6422f73152c0091819a1900f</a><br>
<br>
<br>
--<br>
DragonFly BSD source repository<br>
<br>
<br>
</span></blockquote>
</blockquote></div><br></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
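<p>The lockout policy Bill Yuan states at the top of this thread (3 failed logins within 5 minutes block the address for 10 minutes) and the TIME=>IP bookkeeping his stack.pl did, as an added example. This is neither stack.pl nor sshlockout's own code: it is a Python sketch (the original script was Perl) that takes OpenSSH failure lines piped to it the same way, keeps a sliding window of failure times per source address, and returns the lockout command in the <code>%s</code> template form Michael proposes for sshlockout, with the <code>pfctl -tlockout -Tadd %s</code> string from the thread as the default. The sample log lines and their arrival times are constructed. The command is returned as a string rather than executed, and the address is validated with the <code>ipaddress</code> module before it is substituted, because the rest of the log line (the user name) is attacker-chosen text, which is the kind of breakage behind Matt's objection to running arbitrary commands.</p>

```python
import ipaddress
import re
from collections import defaultdict, deque

# Policy stated at the top of the thread: 3 failures within 5 minutes
# block the source address for 10 minutes (values in seconds).
MAX_FAILURES = 3
WINDOW_SECONDS = 300
BLOCK_SECONDS = 600

# The two usual OpenSSH authentication-failure messages. Only the address
# after "from" is used; the user name is attacker-chosen and never reused.
FAILURE_RE = re.compile(
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+)"
    r" from (\S+)(?: port \d+)?"
)


class LockoutTracker:
    """Sliding-window failed-login counter that decides when to lock out."""

    def __init__(self, command_template="pfctl -tlockout -Tadd %s",
                 max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 block=BLOCK_SECONDS):
        self.template = command_template   # %s-style template, as in the thread
        self.max_failures = max_failures
        self.window = window
        self.block = block
        self.failures = defaultdict(deque)  # address -> recent failure times
        self.blocked = {}                   # address -> time the block lapses

    def observe(self, line, now):
        """Feed one log line seen at `now` (epoch seconds).

        Returns the lockout command when this line pushes the address over
        the threshold, otherwise None. The command is returned, not run.
        """
        m = FAILURE_RE.search(line)
        if not m:
            return None
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None   # not an address: never substitute it into a command
        if self.blocked.get(ip, 0) > now:
            return None   # already locked out, nothing more to do
        hits = self.failures[ip]
        hits.append(now)
        while hits and hits[0] <= now - self.window:
            hits.popleft()   # drop failures that fell out of the window
        if len(hits) < self.max_failures:
            return None
        hits.clear()
        self.blocked[ip] = now + self.block
        return self.template % ip

    def expired(self, now):
        """Return (and forget) addresses whose lockout has lapsed.

        With a PF table this is the removal the cron job used to do; with
        ipfw's `expiry +600` the firewall drops the state by itself and this
        is only local bookkeeping.
        """
        done = [ip for ip, until in self.blocked.items() if until <= now]
        for ip in done:
            del self.blocked[ip]
        return done


# Constructed sample: (arrival time in seconds, syslog line without its
# timestamp, as `tail -f` would hand it to the script).
SAMPLE_LOG = [
    (0, "sshd[2201]: Failed password for root from 203.0.113.5 port 4242 ssh2"),
    (40, "sshd[2202]: Invalid user admin from 203.0.113.5 port 4243"),
    (70, "sshd[2203]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2"),
    (120, "sshd[2204]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2"),
    (130, "sshd[2205]: Failed password for root from 198.51.100.9 port 6000 ssh2"),
    (500, "sshd[2206]: Failed password for root from 198.51.100.9 port 6001 ssh2"),
    (800, "sshd[2207]: Failed password for root from 198.51.100.9 port 6002 ssh2"),
    (900, "sshd[2208]: Failed password for root from not-an-address port 6003 ssh2"),
]


def run_sample(log=SAMPLE_LOG):
    """Replay the sample; returns the (time, command) pairs and the tracker."""
    tracker = LockoutTracker()
    commands = []
    for now, line in log:
        cmd = tracker.observe(line, now)
        if cmd is not None:
            commands.append((now, cmd))
    return commands, tracker


if __name__ == "__main__":
    cmds, tracker = run_sample()
    for when, cmd in cmds:
        print(f"t={when}s: {cmd}")
    print("lapsed at t=720s:", [str(ip) for ip in tracker.expired(720)])
```

<p>Only 203.0.113.5 is locked out: its three failures fall inside one 5-minute window, while 198.51.100.9 fails three times spread over more than 5 minutes and never crosses the threshold. Fed from a pipe, <code>now</code> would be <code>time.time()</code> at each line, and whoever runs the returned command should pass it as an argument list rather than through a shell.</p>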