nant's projects / dragonfly.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d5c0296) | patch
sshlockout - Add sshlockout utility
authorMatthew Dillon <dillon@apollo.backplane.com>
Thu, 1 Jan 2015 03:21:47 +0000 (19:21 -0800)
committerMatthew Dillon <dillon@apollo.backplane.com>
Thu, 1 Jan 2015 03:24:25 +0000 (19:24 -0800)
commita4ac8286be21b1495af8ec1db83271dacaa79556
tree676837b326db7df581d3b6ed6ed4c2eacd70b5b0tree | snapshot
parentd5c02967b3a01720dc0775d3957fc6014030e8c7commit | diff
sshlockout - Add sshlockout utility

* Add sshlockout utility, typically setup as a syslog pipe.  This utility
  monitors for failed ssh login attempts and excessive preauth failures
  and will add a rule via IPFW to block the originating IP.

  The operator also typically sets up a cron job to clean out the IPFW rules
  that have accumulated once a day.

* See man page for details.  Still under construction (feel free to submit
  additional features).

  TODO - IPV6

  TODO - Use a PF table instead of IPFW, which will greatly improve
 performance if a lot of rules have to be added.
usr.sbin/Makefile diff | blob | blame | history
usr.sbin/sshlockout/Makefile [new file with mode: 0644] blob
usr.sbin/sshlockout/sshlockout.8 [new file with mode: 0644] blob
usr.sbin/sshlockout/sshlockout.c [new file with mode: 0644] blob
Nuno's DragonFly repo.