Netgate Discussion Forum
    Block port(s) after a while

    Firewalling
    5 Posts 3 Posters 2.2k Views
    gerd

      Hi!

      I know pfSense is not OpenWrt, but there is a rule for iptables (with the ipt module "recent") to avoid things like this. Is there also a solution for pfSense?

      Sep 25 18:35:23 sshd[15995]: Failed password for invalid user ftp123 from 216.245.217.170 port 47969 ssh2
      Sep 25 18:35:23 sshd[15995]: Invalid user ftp123 from 216.245.217.170
      Sep 25 18:35:23 sshd[15994]: Failed password for invalid user asterisk from 216.245.217.170 port 47961 ssh2
      Sep 25 18:35:23 sshd[15994]: Invalid user asterisk from 216.245.217.170
      Sep 25 18:35:22 sshd[15956]: Failed password for invalid user ftp123 from 216.245.217.170 port 47293 ssh2
      Sep 25 18:35:22 sshd[15956]: Invalid user ftp123 from 216.245.217.170
      Sep 25 18:35:22 sshd[15954]: Failed password for invalid user asterisk from 216.245.217.170 port 47280 ssh2
      Sep 25 18:35:22 sshd[15954]: Invalid user asterisk from 216.245.217.170
      Sep 25 18:35:20 sshd[15853]: Failed password for invalid user ftp123 from 216.245.217.170 port 45765 ssh2
      Sep 25 18:35:20 sshd[15853]: Invalid user ftp123 from 216.245.217.170
      Sep 25 18:35:20 sshd[15863]: Failed password for invalid user asterisk from 216.245.217.170 port 45965 ssh2
      Sep 25 18:35:20 sshd[15863]: Invalid user asterisk from 216.245.217.170
      Sep 25 18:35:18 sshd[15826]: Failed password for invalid user oracle from 216.245.217.170 port 44309 ssh2
      Sep 25 18:35:18 sshd[15826]: Invalid user oracle from 216.245.217.170

      Ciao gerd

      jahonix

        If Snort is working at the moment, this could help you.
        It's a package.

        Or you hit the 'Advanced' button in your SSH rule on the WAN tab and enable/set some custom limits like max. connections per host or per time frame.

        eri--

          Can somebody make a feature request for this so it does not get forgotten?

          pf has built-in support for this; it just needs to be exported.

          gerd

            @ermal:

            Can somebody make a feature request for this so it does not get forgotten?
            pf has built-in support for this; it just needs to be exported.

            For what? Snort support?
            BTW: as I wrote on top, before I used OpenWrt (Kamikaze) and this was done with an iptables rule:

            # drop a new SSH connection if this source already hit the rule 5 times within 180 s
            iptables -t nat -A prerouting_wan -p tcp --dport 22 -m state --state NEW \
              -m recent --name ATTACKER_SSH --rsource --update --seconds 180 --hitcount 5 -j DROP
            # otherwise record the source address in the ATTACKER_SSH list
            iptables -t nat -A prerouting_wan -p tcp --dport 22 -m state --state NEW \
              -m recent --name ATTACKER_SSH --rsource --set

            # SSH
            iptables -A input_wan -p tcp --dport 22 -m state --state NEW -j ACCEPT

            That's all.

            ciao gerd

              eri--

              Man, iptables is UGLY. I am glad BSD can make easy tools for people :).

              Yeah, pf has the same concept too, but it needs to be exported to the GUI.

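As an added example (not posted by anyone in this thread), here is the pf equivalent of gerd's iptables "recent" rules and of the per-host limits jahonix points to under the rule's 'Advanced' button, in pf.conf syntax; the interface macro $wan_if and the table name ssh_bruteforce are assumed names for illustration:

```pf
# assumed WAN interface macro
wan_if = "em0"

# table of sources that exceeded the connection-rate limit (assumed name);
# persist keeps the table across rule reloads
table <ssh_bruteforce> persist

# anything already in the table is dropped before the pass rule is reached
block in quick on $wan_if proto tcp from <ssh_bruteforce> to any port 22

# allow SSH, but limit each source to 5 new connections per 180 seconds;
# a source that exceeds the rate is added to the table and its existing
# states are flushed, which is the same 5-hits-in-180-s window as the
# iptables --seconds 180 --hitcount 5 rule above
pass in on $wan_if proto tcp from any to any port 22 \
    flags S/SA keep state \
    (max-src-conn-rate 5/180, overload <ssh_bruteforce> flush global)
```

Entries can be inspected and aged out with pfctl -t ssh_bruteforce -T show and pfctl -t ssh_bruteforce -T expire 86400, so a mistyped password from a legitimate host is not blocked forever.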
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.