author | jim-p <jimp@netgate.com> | 2019-03-12 15:46:28 -0400 |
---|---|---|
committer | jim-p <jimp@netgate.com> | 2019-03-12 15:47:44 -0400 |
commit | d67449c6a3b6075a9ec4120842fa596e054a3826 (patch) | |
tree | b311264f7b329cf636e4966aac332b85439ca2c1 /src/etc | |
parent | 922a1ae3d9d822bf68f17448756b1e2783d0cf85 (diff) | |
Use only sshguard table for blocking ssh/gui attacks. Issue #9223
(cherry picked from commit 555a9ab5c01101ddab7daa41f35d379d1c39b26e)
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/auth.inc | 2 | ||||
-rw-r--r-- | src/etc/inc/filter.inc | 3 |
2 files changed, 2 insertions, 3 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 60d5de9..21e9052 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -41,7 +41,7 @@ if (function_exists("display_error_form")) {
 * lockout table before processing a request
 */
 /* Fetch the contents of the lockout table. */
- exec("/sbin/pfctl -t 'webConfiguratorlockout' -T show", $entries);
+ exec("/sbin/pfctl -t 'sshguard' -T show", $entries);
 /* If the client is in the lockout table, print an error, kill states, and exit */
 if (in_array($_SERVER['REMOTE_ADDR'], array_map('trim', $entries))) {
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 5bc6087..6fd450f 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -751,7 +751,6 @@ function filter_generate_aliases() {
 $aliases .= "\n#SSH Lockout Table\n";
 $aliases .= "table <sshguard> persist\n";
- $aliases .= "table <webConfiguratorlockout> persist\n";
 $aliases .= "#Snort tables\n";
 $aliases .= "table <snort2c>\n";
@@ -3364,7 +3363,7 @@ EOD;
 $webConfiguratorlockoutport = $config['system']['webgui']['port'];
 }
 if ($webConfiguratorlockoutport) {
- $ipfrules .= "block in {$log['block']} quick proto tcp from <webConfiguratorlockout> to (self) port {$webConfiguratorlockoutport} tracker {$increment_tracker($tracker)} label \"webConfiguratorlockout\"\n";
+ $ipfrules .= "block in {$log['block']} quick proto tcp from <sshguard> to (self) port {$webConfiguratorlockoutport} tracker {$increment_tracker($tracker)} label \"GUI Lockout\"\n";
 }
 $saved_tracker += 100; |
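Review bot: The `exec()` in auth.inc that reads the `sshguard` table ignores pfctl's exit status, so a failed lookup leaves `$entries` empty and the `in_array()` check below it treats the client as not locked out. Capturing the status, e.g. `exec("/sbin/pfctl -t 'sshguard' -T show", $entries, $rc);`, and logging when `$rc` is non-zero would make that failure visible instead of silent. The match is also an exact string comparison against `$_SERVER['REMOTE_ADDR']`, so it presumably relies on pfctl printing single addresses in the same textual form; a comment stating that assumption would help. The enclosing `if` block starts and ends outside the hunk.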
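Review bot: The block rule at filter.inc line 3363 now reads from `<sshguard>`, the same table the SSH lockout uses, but nothing at this line says the sharing is deliberate. A short comment above the rule, such as `/* GUI lockout shares the sshguard table with SSH; see Issue #9223 */`, would keep a later change from reintroducing a separate table. The label also changes from `webConfiguratorlockout` to `GUI Lockout`, so any log filter or alert keyed on the old label text would stop matching and should be checked. `$webConfiguratorlockoutport` is interpolated into the rule text as-is, and where it is validated is not visible in this hunk.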