[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problem with my config?

Hi all-
I'm a newbie to this list, OpenBSD, pf, and firewalls so go easy on me. :)
I'm sure you've noticed the script-kiddie attacks trying to guess the root
password (among other users). Every so often one of them will tick me off
enough that I block their IP at the firewall. Normally this works just fine,
but in the past couple of days one IP still gets through ( even
though it's in my "bad_hosts" table.
Looking through the pf log I see many attempts are indeed blocked by the
firewall. But some must get through because I get a few "Failed password for
root from" on the hosts they are attacking.
Now I don't know if this is a problem with my rules, pf, OpenBSD, or the
alignment of the planets but there must be a problem somewhere.
If it matters, this is a transparent firewall plus an extra NIC for ssh access.
Anybody have any ideas?
Also if you have any comments about my pf rules, please share (but be gentle).

Attachment: pf.conf.20041015
Description: pf.conf.20041015