authorScott Ullrich <sullrich@pfsense.org>2005-03-03 18:25:41 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-03-03 18:25:41 +0000
commit8065a01689075ad7c5559457f6473e477c969b74 (patch)
tree377bf9646f0005b7840b5f2996048a8550671f5a
parent17c5de5964a9d84b139a24b29d83a9a850c9f390 (diff)
downloadpfsense-8065a01689075ad7c5559457f6473e477c969b74.zip
pfsense-8065a01689075ad7c5559457f6473e477c969b74.tar.gz
Hook in sshlockout_pf
-rw-r--r--etc/inc/filter.inc5
-rw-r--r--etc/syslog.conf1
2 files changed, 6 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 1715346..3403374 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -800,6 +800,9 @@ function filter_nat_rules_generate() {
}
}
+ $natrules .= "#SSH Lockout Table\n";
+ $natrules .= "table <sshlockout> persist\n\n";
+
$natrules .= "\n# spam table \n";
$natrules .= "table <spamd> persist\n\n";
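Review bot: Nothing visible in this commit ever removes an address from `<sshlockout>`, and the table is declared `persist`, so an entry appears to stay until someone flushes it by hand or the box reboots. If the sshlockout program does not expire entries itself, a periodic expiry job should ship with this change, otherwise one burst of failed logins becomes a permanent block. The generated comment could also say who fills the table, for example `$natrules .= "# SSH lockout table, filled by sshlockout from syslog auth messages\n";`. The body of filter_nat_rules_generate() starts and continues outside the hunk.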
@@ -915,6 +918,8 @@ function filter_rules_generate() {
# BEGIN OF firewall rules
$ipfrules="anchor \"firewallrules\"\n";
+ $ipfrules .= "block in log quick from <sshlockout> to any 22 label \"sshlockout\"\n\n";
+
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$oc = $config['interfaces']['opt' . $i];
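Review bot: The added block rule writes `to any 22` without the `port` keyword, which as far as I know pf.conf's grammar does not accept, so pfctl may reject the generated ruleset at load time and leave the firewall on its previous rules. I would write `$ipfrules .= "block in log quick proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n\n";`. The port is hard-coded, so a system whose sshd listens on another port gets no benefit from the table. The rule is `quick` and keyed on source address alone, so an administrator's address that lands in the table is locked out; an allow list checked before this rule would cover that case. filter_rules_generate() starts and continues outside the hunk.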
diff --git a/etc/syslog.conf b/etc/syslog.conf
index 9d102f3..2788e01 100644
--- a/etc/syslog.conf
+++ b/etc/syslog.conf
@@ -5,4 +5,5 @@ local7.* %/var/log/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local4.none;local7.none %/var/log/system.log
security.* %/var/log/system.log
auth.info;authpriv.info;daemon.info %/var/log/system.log
+auth.info;authpriv.info |exec /root/adm/sshlockout
*.emerg *
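Review bot: The new `|exec /root/adm/sshlockout` line hands every auth.info and authpriv.info message to a program started by syslogd, presumably as root, and those messages carry text chosen by the remote client, such as the user name in a failed login. The parser therefore has to treat each line as untrusted input. The program is not part of this commit, and the title names `sshlockout_pf` while the path here is `sshlockout`, so confirm that the binary is installed at exactly this path, owned by root and not writable by anyone else. A comment above the line, for example `# feed sshd auth failures to sshlockout, which fills the pf <sshlockout> table`, would explain why the selector repeats part of the previous line.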