[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problem with my config?



Hi all-
I'm a newbie to this list, OpenBSD, pf, and firewalls so go easy on me. :)
I'm sure you've noticed the script-kiddie attacks trying to guess the root
password (among other users). Every so often one of them will tick me off
enough that I block their IP at the firewall. Normally this works just fine,
but in the past couple of days one IP still gets through (211.46.163.166) even
though it's in my "bad_hosts" table.
Looking through the pf log I see many attempts are indeed blocked by the
firewall. But some must get through because I get a few "Failed password for
root from 211.46.163.166" on the hosts they are attacking.
Now I don't know if this is a problem with my rules, pf, OpenBSD, or the
alignment of the planets but there must be a problem somewhere.
If it matters, this is a transparent firewall plus an extra NIC for ssh access.
Anybody have any ideas?
Also if you have any comments about my pf rules, please share (but be gentle).
Thanks!
Joe

Attachment: pf.conf.20041015
Description: pf.conf.20041015