
Re: Problem with my config?

> I'm sure you've noticed the script-kiddie attacks trying to guess the root
> password (among other users).
No, actually I haven't.  And you shouldn't either if your config file is set up correctly.
> Now I don't know if this is a problem with my rules
> ATTACHMENT part 2 application/octet-stream name=pf.conf.20041015
I took a look and I can say that you should redesign the whole thing.  The common and effective
strategy is to take a block (in ext_if) by default stance.  Then, still common, because it
makes things simple, you allow all traffic out and keep state on it.
This rule is allowing your box to be attacked:
pass in log on $ext_if proto tcp from any to <protected> port $tcp_in keep state
where port 22 is included in $tcp_in.  Why are you allowing hosts to connect to your box from
the internet?  Do *you* need to do this?  Very bad idea.  If you must, then at least make it so that
sshd will not allow root to connect directly (see /etc/ssh/sshd_config and look at the
PermitRootLogin parameter).  You may also want to be less open by not using the "any" keyword.
I have a couple of tutorials on pf if you're interested.  Email me privately.
~~ pm
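The design the reply recommends, written out as an added example pf.conf that is not part of the original thread or of the poster's attached config. The interface name, the public service ports, and the admin source addresses (taken from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24) are assumptions; the point is the shape: block in on the external interface by default, pass out with state, keep port 22 out of the public port list, and admit ssh only from a named table instead of "any".

```conf
# /etc/pf.conf - added example, not the list poster's file.
# Interface name, ports and addresses below are assumptions for illustration.
ext_if = "fxp0"                               # assumed external interface
tcp_in = "{ 25, 80 }"                         # assumed public services; note port 22 is NOT here

# Assumed admin sources allowed to reach sshd (documentation ranges, not real hosts).
table <ssh_admins> { 192.0.2.10, 198.51.100.0/24 }

set skip on lo0
scrub in all

# Default stance: everything arriving on the external interface is blocked and logged.
block in log on $ext_if

# The box itself may talk to anyone; keeping state lets the replies back in
# without any explicit "pass in" rule for them.
pass out on $ext_if proto { tcp, udp, icmp } from ($ext_if) keep state

# Public services: only the ports in $tcp_in, to this box's own address,
# and state is created only on an initial SYN.
pass in log on $ext_if proto tcp from any to ($ext_if) port $tcp_in \
    flags S/SA keep state

# SSH: restricted to the admin table instead of "any".  Password-guessing
# from arbitrary Internet hosts never reaches sshd with this rule in place.
pass in log on $ext_if proto tcp from <ssh_admins> to ($ext_if) port ssh \
    flags S/SA keep state

# Pair this with the sshd side of the advice in /etc/ssh/sshd_config:
#     PermitRootLogin no
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, then load with `pfctl -f /etc/pf.conf`. Because ssh is passed only from `<ssh_admins>`, the `block in log` line is what answers every other connection attempt to port 22, so the guessing attempts the original poster saw would show up (if at all) only as blocked entries on the log interface rather than in sshd's authentication log.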