Re: Problem with my config?
> I'm sure you've noticed the script-kiddie attacks trying to guess the root
> password (among other users).
No, actually I haven't. And you shouldn't either if your config file is set up correctly.
> Now I don't know if this is a problem with my rules
> ATTACHMENT part 2 application/octet-stream name=pf.conf.20041015
I took a look and I can say that you should redesign the whole thing. The common and effective
strategy is to take a block (in ext_if) by default stance. Then, still common, because it
makes things simple, you allow all traffic out and keep state on it.
This rule is allowing your box to be attacked:
pass in log on $ext_if proto tcp from any to <protected> port $tcp_in keep state
Where port 22 is included in $tcp_in. Why are you allowing hosts to connect to your box from
the internet? Do *you* need to do this? Very bad idea. If you must then at least make it so
sshd will not allow root to connect directly (see /etc/ssh/sshd_config and look at
PermitRootLogin parameter). You may also want to be less open by not using the "any" keyword.
I have a couple of tutorials on pf if you're interested. Email me privately.
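The layout the reply recommends, written out as an added example (this is not the original poster's pf.conf nor anything from the attachment): block inbound on $ext_if by default, let outbound traffic through with state, and only then open specific ports. The macros $ext_if, $tcp_in and the <protected> table are taken from the post; the <admin_hosts> table and the 192.0.2.x / 198.51.100.x addresses are constructed placeholders (documentation ranges) that would be replaced with the real interface and hosts.

```pf
# Constructed example, not the poster's configuration.
ext_if = "fxp0"                     # assumption: external interface name
tcp_in = "{ 25, 80 }"               # public services; ssh is deliberately NOT in this list

table <protected>   { 192.0.2.10 }      # the host(s) behind the firewall (placeholder)
table <admin_hosts> { 198.51.100.5 }    # trusted management source(s) (placeholder)

set skip on lo0

# Default stance: drop and log everything arriving on the external interface.
block in log on $ext_if

# Keep it simple: allow everything out and track state so replies come back.
pass out on $ext_if keep state

# Only the listed public services are reachable from "any".
pass in log on $ext_if proto tcp from any to <protected> port $tcp_in \
    flags S/SA keep state

# ssh is opened only to known management hosts, never to "any".
pass in log on $ext_if proto tcp from <admin_hosts> to <protected> port ssh \
    flags S/SA keep state
```

With this ordering the last matching rule wins, so anything not explicitly passed in is caught by the `block in log` line and shows up in the pflog interface rather than reaching sshd. Pairing it with `PermitRootLogin no` in /etc/ssh/sshd_config, as the reply suggests, means that even a connection from an allowed host cannot guess at the root account directly. Check the file with `pfctl -nf /etc/pf.conf` before loading it.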