I wrote a small program about 5 years ago. It was a daemon that implemented a service similar to "port knocking" but entirely at user level, calling pfctl by exec() system calls to insert/remove remote IP addresses in a pf table holding machines able to connect to the ssh daemon via port 22.
It was an ugly hack but it worked for us. I shall have a backup copy somewhere on my powerbook at home...

On Thu, Nov 6, 2008 at 3:33 PM, Charlie Clark <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have noticed that people constantly try to brute force sshd on my openbsd
> box, on my server I use fail2ban to prevent this and wondered if there is a
> similar solution for openbsd.
>
> Regards,
>
> --
>
> Charlie Clark
> Network Engineer
>
> Lemon Computing Ltd
> Unit 9
> 26-28 Priests Bridge
> London
> SW14 8TA
> UK
>
> Tel: +44 208 878 2138
> Fax: +44 208 878 2163
> Email: [EMAIL PROTECTED]
> Site: http://www.lemon-computing.com/
>
> Lemon Computing is a limited company registered in England & Wales under
> Company No. 03697052
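The table handling described in the reply above (a user-level process calling pfctl to insert and remove addresses in a pf table that gates port 22), as an added example that is not part of the original thread and is not the poster's program. The table name `ssh_allow`, the pf.conf rule in the comment, the TTL and the class and function names are all assumptions made for illustration.

```python
import ipaddress
import subprocess
import time

# Hypothetical table name. Assumed pf.conf rules (not from the thread):
#   table <ssh_allow> persist
#   pass in proto tcp from <ssh_allow> to any port 22
TABLE = "ssh_allow"


def pfctl_argv(action, addr, table=TABLE):
    """Build an argv list for pfctl. No shell is involved, and the address
    must parse as a literal IP, so remote-supplied text cannot become a
    pfctl option, a hostname lookup or a shell command."""
    if action not in ("add", "delete"):
        raise ValueError("unsupported action: %r" % (action,))
    if not isinstance(addr, str):
        raise ValueError("address must be a string")
    ip = ipaddress.ip_address(addr)  # ValueError on anything but an IP literal
    return ["pfctl", "-q", "-t", table, "-T", action, str(ip)]


class AllowList:
    """Tracks which addresses are in the table and when each entry expires."""

    def __init__(self, ttl=300, run=None):
        self.ttl = ttl
        # run is injectable so the logic can be exercised without pf or root
        self.run = run or (lambda argv: subprocess.run(argv, check=True))
        self.expiry = {}  # normalized address -> expiry time (epoch seconds)

    def allow(self, addr, now=None):
        """Add addr to the table, or just extend its lifetime if present."""
        now = time.time() if now is None else now
        argv = pfctl_argv("add", addr)
        key = argv[-1]
        if key not in self.expiry:
            self.run(argv)
        self.expiry[key] = now + self.ttl

    def expire(self, now=None):
        """Delete entries whose lifetime has passed; return what was removed."""
        now = time.time() if now is None else now
        stale = [a for a, t in self.expiry.items() if t <= now]
        for addr in stale:
            self.run(pfctl_argv("delete", addr))
            del self.expiry[addr]
        return stale
```

Calling `expire()` from the daemon's main loop keeps the table from accumulating addresses that were allowed once and never removed.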

