Re: bl*cklist configuration, ssh only

To: tech-userlevel%netbsd.org@localhost
Subject: Re: bl*cklist configuration, ssh only
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Tue, 30 May 2023 15:54:52 -0000 (UTC)

ignatios%cs.uni-bonn.de@localhost writes:

>Hello,

>is there a minimal example how to configure bl*cklistd and npf to
>block attacks on sshd?

/etc/bl*cklistd.conf:
# Bl*cklist rule
# adr/mask:port type    proto   owner           name    nfail   disable
[local]
ssh             stream  tcp     *               *       5       3h
ssh             stream  tcp6    *               *       5       3h

/etc/npf.conf:
$primary_if = "wm0"
group "external" on $primary_if {
  ruleset "bl*cklistd"
}

# bl*cklistctl dump -a | wc
      13      53     609

Follow-Ups:
- Re: bl*cklist configuration, ssh only
  - From: Patrick Welche

References:
- bl*cklist configuration, ssh only
  - From: ignatios

Prev by Date: bl*cklist configuration, ssh only
Next by Date: Re: [RFC] inetd(8) changes proposal
Previous by Thread: bl*cklist configuration, ssh only
Next by Thread: Re: bl*cklist configuration, ssh only
Indexes:

Home | Main Index | Thread Index | Old Index