Sshlockout & webConfiguratorlockout rules
-
Hello,
I would like to change those rules from rules.debug

block in log quick proto tcp from <sshlockout> to (self) port 22 tracker 1000000301 label "sshlockout"
block in log quick proto tcp from <webconfiguratorlockout> to (self) port 443 tracker 1000000351 label "webConfiguratorlockout"

into…

block in log quick proto tcp from <sshlockout> to any tracker 1000000301 label "sshlockout"
block in log quick proto tcp from <webconfiguratorlockout> to any tracker 1000000351 label "webConfiguratorlockout"

My understanding is… anyone bruteforcing should be blocked from any connection once they are in the table...
Thanks.
F.
-
That would mean that someone who tried to ssh (unsuccessfully) from LAN to your pfSense box 15 times would get their whole internet blocked for an hour. I guess that inflicts an automatic punishment on those local clients trying to mess with the router!

table <sshlockout> persist
table <webconfiguratorlockout> persist
At the moment those tables are not exposed as aliases on the Firewall Rules GUI. Perhaps it would be useful if they were? Then you could add your own extra block rules to be more nasty to offenders.
If you think it is worthwhile, then add a feature request to RedMine. And then write the code :)
-
I would like to change those rules from rules.debug
Hi fsansfil,
You can modify the file /etc/inc/filter.inc and change it to meet your needs, but it will get overwritten on any firmware update. You could also create a diff file and create a "System Patch".

	$ipfrules .= "\n# SSH lockout\n";
	if(is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port'])) {
		$ipfrules .= "block in log quick proto tcp from <sshlockout> to (self) port ";
		$ipfrules .= $config['system']['ssh']['port'];
		$ipfrules .= " label \"sshlockout\"\n";
	} else {
		if($config['system']['ssh']['port'] <> "")
			$sshport = $config['system']['ssh']['port'];
		else
			$sshport = 22;
		if($sshport)
			$ipfrules .= "block in log quick proto tcp from <sshlockout> to (self) port {$sshport} label \"sshlockout\"\n";
	}

	$ipfrules .= "\n# webConfigurator lockout\n";
	if(!$config['system']['webgui']['port']) {
		if($config['system']['webgui']['protocol'] == "http")
			$webConfiguratorlockoutport = "80";
		else
			$webConfiguratorlockoutport = "443";
	} else {
		$webConfiguratorlockoutport = $config['system']['webgui']['port'];
	}
	if($webConfiguratorlockoutport)
		$ipfrules .= "block in log quick proto tcp from <webconfiguratorlockout> to (self) port {$webConfiguratorlockoutport} label \"webConfiguratorlockout\"\n";
-
Thanks BB, very useful!
Cheers.
F.