Logs for Addresses Using an Interface?



  • Hi all - I'm sorry if this question is either painful or done to death; I'm a bit green/n00bly when it comes to all this.

    Have a (inherited I should say) pfsense firewall, which passes traffic to a Varnish web cache server, which serves our website.

    Recently we've been getting some password brute-force attempts at the website itself, and I'd like to know the IP address they originate from so I can block it.

    Is this easily enough determined from pfsense somehow?

    Thanks for any and all replies!

    :)



  • @JRA:

    Recently we've been getting some password brute-force attempts at the website itself, and I'd like to know the IP address they originate from so I can block it.

    Ask the 'varnish' admin, or even better: the web server admin. These have extended logs (normally) and they will show you the IP of the offending clients.
    If you use the "good old web server setup" then blocking becomes easy.


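An added example, not part of the original thread: one way to pull the offending client addresses out of an access log, as the reply suggests. It assumes NCSA combined-format lines whose first field is the real client IP (a backend sitting behind Varnish normally sees Varnish's address there unless it logs the forwarded client address instead). The `/login` path, the threshold and the sample lines are hypothetical and constructed for illustration.

```python
import re
from collections import Counter

# NCSA combined format: client IP, identity, user, [timestamp], "request", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

LOGIN_PATH = "/login"  # hypothetical: replace with the site's real login URL
THRESHOLD = 3          # hypothetical: login POSTs per log window before flagging

# Constructed sample lines (documentation address ranges), including one bad line.
SAMPLE = [
    '203.0.113.50 - - [10/Mar/2024:10:00:01 +0000] "POST /login HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.50 - - [10/Mar/2024:10:00:02 +0000] "POST /login?next=/ HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [10/Mar/2024:10:00:03 +0000] "POST /login HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]

def login_posts_by_ip(lines, login_path=LOGIN_PATH):
    """Count POST requests to the login path per client IP."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path == login_path:
            counts[m["ip"]] += 1
    return counts

def offenders(lines, threshold=THRESHOLD):
    """Return the IPs whose login POST count reaches the threshold."""
    counts = login_posts_by_ip(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for ip in offenders(SAMPLE):
        print(ip, login_posts_by_ip(SAMPLE)[ip])
```

The addresses it reports are candidates for a block rule; a shared address (office NAT, mobile carrier) can also cross a low threshold, so check the count and timing before blocking.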