Created March 8, 2014 05:52
Stopping SSH Brute Force attacks with PF.
# Make a table to keep track of the IPs of SSH brute forcers:
table <bruteforce> persist
# Make sure they are unable to connect to the system after being added to the table:
block quick from <bruteforce>
# The rule by which a client is added to the table:
# a source that holds more than 5 simultaneous connections to the SSH port,
# or opens more than 5 new connections within 30 seconds, is added to the table.
# "flush global" also kills every existing state from that source.
pass inet proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 5/30, \
    overload <bruteforce> flush global)
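
An added example, not part of the original gist: the same ruleset with an allowlist for management hosts, the rate-limited rule restricted to inbound traffic so the host's own outbound SSH sessions are not counted, and a note on expiring old table entries. The table name `<ssh_trusted>` and the RFC 5737 documentation addresses are assumptions to replace with your own.

```pf
# Constructed example: <ssh_trusted> and its addresses are placeholders.
# "const" stops the allowlist from being changed with pfctl at runtime.
table <ssh_trusted> const { 192.0.2.10, 198.51.100.0/24 }

# Offenders are collected here by the overload rule below.
table <bruteforce> persist

# Drop everything arriving from an address that has tripped the limits.
block in quick from <bruteforce>

# Management hosts match this rule first and stop here ("quick"),
# so they are never rate limited and cannot lock themselves out.
pass in quick inet proto tcp from <ssh_trusted> to any port ssh \
    flags S/SA keep state

# Everyone else: more than 5 simultaneous connections, or more than
# 5 new connections in 30 seconds, moves the source into <bruteforce>
# and kills all of its existing states.
pass in inet proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)

# A "persist" table never shrinks on its own. Run this periodically
# (for example from cron) to drop entries added more than 24 hours ago:
#   pfctl -t bruteforce -T expire 86400
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and list the current offenders with `pfctl -t bruteforce -T show`.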