Enable automatic defence against SSH attacks on FreeBSD using PF March 9th, 2010
For a long time I used to see reports of brute-force SSH attacks against my FreeBSD machines in my mailbox every morning. Finally I got fed up, not because they were even getting close to getting in, but because I was tired of getting these huge reports. So I decided it was time to do something about it. First let me say I run PF (BSD Packet Filter) on all my FreeBSD machines. It's quite easy to set up, so I will start there.
- Rebuild your kernel to enable ALTQ (optional); being able to throttle bandwidth is pretty cool
- Create a folder in /root called kernels
[root@test] [/usr/src/sys/i386/conf]# mkdir /root/kernels
- Make a copy of the GENERIC kernel profile and place it in the /root/kernels directory. Keep in mind that if you're running, say, AMD64, this directory will be slightly different.
[root@test] [/usr/src/sys/i386/conf]# cp GENERIC /root/kernels/
- Rename the file to something else like GENERIC-PF
[root@test] [/usr/src/sys/i386/conf]# mv /root/kernels/GENERIC /root/kernels/GENERIC-PF
- Link the new kernel file into the directory where your kernel configuration files exist.
[root@test] [/usr/src/sys/i386/conf]# ln -s /root/kernels/GENERIC-PF
- Open the file in your favorite editor (vi for me)
[root@test] [/usr/src/sys/i386/conf]# vi GENERIC-PF
You may want to change the ident so that it reflects the changes you make to the kernel as well.
ident GENERIC-PF
Then add the following lines below the last line that starts with options and above the first line that begins with device.
options ALTQ
options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
- Rebuild your kernel
[root@test] [/usr/src/sys/i386/conf]# cd ../../../
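
The config edit described above (set the ident, add the ALTQ options after the last options line), scripted as an added example that is not part of the original post. The function names add_altq and sample_generic, the shortened sample config, and the skip-if-already-present behaviour are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): derive GENERIC-PF from GENERIC.
# add_altq SRC DST copies SRC to DST, sets the ident to GENERIC-PF and inserts
# the ALTQ options after the last "options" line, i.e. above the first
# "device" line in a stock config. Options already present are not repeated.

ALTQ_OPTS="ALTQ ALTQ_CBQ ALTQ_RED ALTQ_RIO ALTQ_HFSC ALTQ_PRIQ ALTQ_NOPCC"

add_altq() {
    src=$1 dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    awk -v want="$ALTQ_OPTS" '
        { line[NR] = $0 }
        $1 == "options" { last = NR; have[$2] = 1 }
        END {
            if (!last) exit 1            # nothing to anchor the insert to
            n = split(want, w, " ")
            for (i = 1; i <= NR; i++) {
                if (line[i] ~ /^ident[ \t]/) print "ident\t\tGENERIC-PF"
                else print line[i]
                if (i == last)
                    for (j = 1; j <= n; j++)
                        if (!(w[j] in have)) print "options \t" w[j]
            }
        }' "$src" > "$dst" || { rm -f "$dst"; return 1; }
}

# Constructed, heavily shortened stand-in for /usr/src/sys/i386/conf/GENERIC.
sample_generic() {
    cat <<'EOF'
cpu		I686_CPU
ident		GENERIC
options 	SCHED_ULE		# ULE scheduler
options 	INET			# InterNETworking
device		pci
device		ether
EOF
}
```

Run it as add_altq /usr/src/sys/i386/conf/GENERIC /root/kernels/GENERIC-PF and diff the two files before linking the result into the conf directory.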
