• IP Banning for Multiple Attempts (Attacks) on Firewall?

    Locked
    0 Votes
    3 Posts
    3k Views

    I have added this on my web server to limit the SSH brute force attacks, and it works quite well.

    But I would very much like to have it in the firewall instead of on the server because I think it belongs there and it is quite annoying when I, by accident, lock myself out for 10 minutes when connecting from a local client. Maybe I should just change it so it doesn't block 192.168.* addresses ;)

    What it does is that it logs and blocks the third attempt and just blocks the 4th and later attempts to avoid my logs being flooded.

    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP
    iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force "
    iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP

  • Allow LAN -> OPT, not reverse

    Locked
    0 Votes
    7 Posts
    4k Views

    That'd be okay.  I'd use them only for 1 or 2 OPT subnets.  And so far, no need for traffic shaping, since it's just for home.

    But I continue leaning further toward the EPIA CL6000 with two LANs, even as we "speak".

  • Squid redirect rule

    Locked
    0 Votes
    13 Posts
    7k Views

    Ok, the squid works fine, Transparent Mode and the port forwarding. But when I configure another pfsense box, which is the default gateway in my LAN, to forward all port 80 traffic (with the same port forwarding rule) to the squid pfsense box with another PPPoE connection to the net, it does not work. Something wrong in my mind?

  • Allow only certain MAC addresses

    Locked
    0 Votes
    7 Posts
    5k Views

    @bushtor:

    Will do ;-)

    .. especially if you tell me where I can find the DHCP MAC config file from the ipcop box shell.

    Sorry, a typo :-(  Of course I meant 'the pfsense box shell'…

    However, I have located it and solved the problem ;-)

    Tor

  • Interactive rules

    Locked
    0 Votes
    6 Posts
    3k Views

    Other solution:

    enable remote syslog server at the pfsense and create a block rule with "log" enabled
    disable logging of default deny rule
    install syslog daemon at your client that sends you a mail on receiving this alert or plays a beep or a popup or whatever (depends on the tool you use)
    create a rule in the webgui for this connection to pass above the logging rule and disable it (you can quickly enable/disable this rule by clicking the small pass icon in front of the rule and hitting apply)

    It's not like a popup and only clicking an allow or deny button but might work depending on how often you need it.

  • Transparent firewall tutorial

    Locked
    0 Votes
    2 Posts
    3k Views

    i'm happy to hear that  :D

    thanks a lot !

  • Help us help you make aliases better.

    Locked
    0 Votes
    17 Posts
    9k Views

    @rexster:

    @sullrich:

    DNSForwarder and friend already uses that.  This is at a different level.

    (oot)
    but there are at least a few thousand hosts in the list.
    How can I make the update automatic?

    Please un-hijack this thread and start a new one.  I really have no idea how we are now talking about DNS Forwarder in the ALIAS thread!

  • FTP still appears to be broken…

    Locked
    0 Votes
    4 Posts
    3k Views

    So it looks like by default, the ftp helper is enabled on all interfaces.  In order for LAN and WAN to access my ftp server in the DMZ, I had to disable the ftp helper on all interfaces, LAN, WAN, and DMZ.  As soon as I turned that off, all is well.

  • DHCP - Deny unknown clients (from file)

    Locked
    0 Votes
    2 Posts
    2k Views

    Download the config.xml and copy/paste your MACs to the right part, keeping the formatting of the XML intact. Then re-upload it.

  • FTP issues??

    Locked
    0 Votes
    15 Posts
    7k Views

    "Is dual wan compatible with FTP?
    Short answer: no.

    If you are trying to use the FTP proxy and DUAL wan or Load Balancing this will not work due to the fact that we have to redirect traffic to a userland proxy when the helpers are enabled.

    However, the long answer is that you can utilize dual wan ftp if you use a 1:1 or port-forward the large port ranges required by the server which in most cases of newer ftp daemons is configurable."

    ok  ;)… and how about the long answer?  ??? ???

    I already use NAT 1:1, Passive FTP (port 55000-60000) and disable userland FTP-Proxy.
    Download is slow, but upload is fine.

  • Firewalling IM

    Locked
    0 Votes
    3 Posts
    3k Views

    http://www.experts-exchange.com/Security/Q_20968914.html

  • Bittorrent

    Locked
    0 Votes
    10 Posts
    6k Views

    Found the problem!!! It was where Azureus was changing the UPnP on the modem to go straight to the PC NIC instead of through pfsense, and then pfsense was losing track of the ports and traffic, as all outgoing traffic was going through pfsense but incoming wasn't.

  • Skype

    Locked
    0 Votes
    3 Posts
    3k Views

    Take a look at http://www.net-security.org/article.php?id=876

  • General Firewallproblem with another gateway

    Locked
    0 Votes
    8 Posts
    4k Views

    I fixed the problem - dumb mistake.
    I forgot to make NAT Outbound rules on LAN and OPT1 for 192.168.1.0/24
    X Advanced flag

    The error was that the other machine was told on the public net, but routed the packets back on the 192.168.1.0/24 interface directly to the client and
    not over the gateway address.

    Thanks.

  • 1 WAN 3 LAN - Blocking LAN ports from each other.

    Locked
    0 Votes
    4 Posts
    4k Views

    Yeah, those are wrong.

    at LAN:
    block, proto any, source any, destination OPT1 subnet
    block, proto any, source any, destination OPT2 subnet
    pass, proto any, source lan subnet, destination any (default LAN to any)

    at OPT1:
    block, proto any, source any, destination LAN subnet
    block, proto any, source any, destination OPT2 subnet
    pass, proto any, source OPT1 subnet, destination any

    at OPT2:
    block, proto any, source any, destination LAN subnet
    block, proto any, source any, destination OPT1 subnet
    pass, proto any, source OPT2 subnet, destination any

    You always block incoming traffic at an interface.

  • Full block

    Locked
    0 Votes
    10 Posts
    5k Views

    whatever works best for you  ;)

  • Trying to block port 25

    Locked
    0 Votes
    5 Posts
    6k Views

    In your rule, do you have
    ! mailserver
    or do you have
    !mailserver
    ???

    !mailserver is correct
    The picture is not clear on this.

  • Sierra Online games

    Locked
    0 Votes
    9 Posts
    5k Views

    No, tried and same problem.

  • Can i map fw rules to interfaces?

    Locked
    0 Votes
    4 Posts
    2k Views

    @althornin:

    You are allowing "prod net rule allow any to any" - your firewall is doing exactly that!
    change the rule to "allow any to !mgmt"….

    Yes, I know this, but I'd like to know if I can map rules to interfaces. E.g. packet flow
    is something like this:

    Packet in Int1 -> Check against Int1 rules -> Packet routed to Int2 -> Check against Int2 rules.

    If this is not possible, I think I'll try to modify that Firewall: Rules page so that I can see all my rules
    on one page (like Checkpoint). I think this way I can get a clearer picture of how my fw rules are checked.

    Br,

    Ville

  • Ipencap pf

    Locked
    0 Votes
    2 Posts
    3k Views

    Can't say that I have ever seen the need for this.  Can you explain why that option is only needed in your case?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.