How to prevent annoying crackers from brute force login attacks

17. February 2013 - 21:39 — Ivan Radovanovic

Add following to your /etc/pf.conf
# if re0 is your card $ext_if="re0" # this goes in the top table <bad_guys> persist ... block in quick on $ext_if from <bad_guys> to any

Add following to your /etc/syslog.conf
auth.info;authpriv.info |/root/auth_checker.pl
(assuming that auth_checker.pl is in /root directory)

If you want to remove ip from table bad_guys (in case you somehow lock yourself), add this to /etc/crontab
* * * * * root /sbin/pfctl -t bad_guys -Te 1000 >> /dev/null 2>&1

auth_checker.pl script is attached

Tags:

freebsd