[Tfug] SSH script
Steven Bowers
steveb7 at bblabs.net
Mon May 29 14:13:56 MST 2006
I know there are three or four <lol> OpenBSD users in this group so I
thought I'd share this little script. I found the original script on
http://todome.net/projects/ssh_wall.php and modified it to suit my needs
better. It now outputs the contents of the table first and then after
backing it up, flushes and updates the table. Thought it might be
helpful for other OpenBSD users here.

#!/bin/sh
# Dump the live <scanners> table, keep a dated compressed copy, then reload it.
DATE=`/bin/date +%y%m%d`
pfctl -T show -t scanners > /etc/tables/scanners
/bin/cp /etc/tables/scanners /var/log/scanners.${DATE}
/usr/bin/gzip -f /var/log/scanners.${DATE}
/bin/chmod 640 /var/log/scanners.${DATE}.gz
pfctl -T flush -T replace -t scanners -f /etc/tables/scanners

Seems to work well in conjunction with:

## SSH Hackers - blocked IPs
table <scanners> persist file "/etc/tables/scanners"
## Pass SSH traffic ##
block in log quick on $ext_if proto tcp from <scanners> to $ext_if port ssh
pass in on $ext_if inet proto tcp from any to any port ssh flags S/SA \
    keep state (max-src-conn-rate 3/60, overload <scanners> flush global)
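
Because the script writes the live table back to the file that pf loads, an address that tripped the 3/60 limit by mistake stays blocked across reloads. The following is an added example, not part of the original post: it filters the dump before persisting it, dropping allowlisted, duplicate and malformed entries and keeping single host addresses only. `ALLOW`, `filter_table`, `persist_table`, `demo` and the `--apply` switch are hypothetical names, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. ALLOW, filter_table and
# persist_table are hypothetical names; table and path come from the post.
ALLOW="${ALLOW:-192.0.2.10}"    # constructed admin address (assumption)

# Read a table dump on stdin; print unique, well-formed host addresses
# that are not in the space-separated allowlist given as $1.
filter_table() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        {
            gsub(/^[ \t]+|[ \t]+$/, "")       # strip surrounding whitespace
            ok = 0
            if ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                ok = 1
                split($0, o, ".")
                for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            } else if ($0 ~ /^[0-9A-Fa-f:]+$/ && index($0, ":") > 0) ok = 1
            if (ok && !($0 in skip) && !seen[$0]++) print
        }'
}

# Dump the live table, filter it, write the file atomically, then reload.
# A failed dump aborts before the table file or the live table is touched.
persist_table() {
    file=/etc/tables/scanners
    dump=$(pfctl -t scanners -T show) || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if printf '%s\n' "$dump" | filter_table "$ALLOW" > "$tmp"; then
        chmod 640 "$tmp" && mv "$tmp" "$file" &&
            pfctl -t scanners -T replace -f "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample dump: duplicate, allowlisted, malformed and IPv6 lines.
demo() {
    printf '   203.0.113.5\n   192.0.2.10\n   203.0.113.5\n   999.1.1.1\nnot-an-ip\n   2001:db8::1\n' |
        filter_table "192.0.2.10"
}

if [ "${1:-}" = "--apply" ]; then persist_table; else demo; fi
```

Run without arguments it only prints the filtered sample; `--apply` needs root on a host with pf and the `scanners` table.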