You are here

How to prevent annoying crackers from brute force login attacks

Ivan Radovanovic's picture

Add following to your /etc/pf.conf

# if re0 is your card
$ext_if="re0"
# this goes in the top
table <bad_guys> persist
...
block in quick on $ext_if from <bad_guys> to any

Add following to your /etc/syslog.conf

auth.info;authpriv.info |/root/auth_checker.pl

(assuming that auth_checker.pl is in /root directory)

If you want to remove ip from table bad_guys (in case you somehow lock yourself), add this to /etc/crontab

* * * * * root /sbin/pfctl -t bad_guys -Te 1000 >> /dev/null 2>&1

auth_checker.pl script is attached