Displaying 10 results from an estimated 10 matches for "autoblocking".
2020 Apr 02
2
Can't block intrusion
On 2/04/2020 6:35 AM, D'Arcy Cain wrote:
> On 2020-04-01 16:28, Mark Boyce wrote:
>> On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com> wrote:
>>> I think you need to use tcpdump and turn up firewall debugging.
>> sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
> block drop in log quick on bge0
2020 Apr 01
5
Can't block intrusion
On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com> wrote:
>
> I think you need to use tcpdump and turn up firewall debugging.
sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
Mark
2020 Apr 01
2
Can't block intrusion
On 2020-04-01 15:12, Greg Troxel wrote:
> D'Arcy Cain <darcy at VybeNetworks.com> writes:
> But yet, new packets from that IP address reach asterisk. It seems
> almost entirely clear to me that you have a firewall problem, not an
> asterisk problem.
This could well be but Asterisk is the only thing that continues to
communicate.
> I would test this out with a remote
2020 Apr 01
2
Can't block intrusion
I am running Asterisk 16.9 on FreeBSD 12.1-RELEASE-p1. I keep seeing
lines like this in my logs.
[Apr 1 13:30:33] NOTICE[101155][C-00004526] chan_sip.c: Call from ''
(45.143.220.235:5356) to extension '2037' rejected because extension not
found in context 'unauthenticated'.
I have a script that checks for things like this and adds them to my
packet filter (pf).
2020 Apr 01
0
Can't block intrusion
On 2020-04-01 16:28, Mark Boyce wrote:
> On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com> wrote:
>>
>> I think you need to use tcpdump and turn up firewall debugging.
>
> sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
block drop in log quick on bge0 from <AUTOBLOCK> to any
block drop out log quick
2020 Apr 02
0
Can't block intrusion
On 2020-04-02 08:01, Larry Moore wrote:
> I suspect you have a good understanding of pf.
Pretty good I think. As with everything I am always willing to learn more.
> Have you included in your script running 'pfctl -k <ip_address>' to kill
> any states that may exist after you update your <AUTOBLOCK> table?
I haven't yet because I want to watch the effect of
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes:
> Here are the first four lines from "pfctl -sr":
>
> pass in quick on bge0 from <FRIENDS> to any flags S/SA keep state
> block drop in log quick on bge0 from <ENEMIES> to any
> block drop in log quick on bge0 from <AUTOBLOCK> to any
> block drop out log quick on bge0 from any to
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes:
> I have a script that checks for things like this and adds them to my
> packet filter (pf). Everything seems to work up to a point. The IP
> address gets added to my AUTOBLOCK table. The second rule, right after
> the friends whitelist, blocks any IP in that table. If I try to ping or
> traceroute to it I can't get
2004 Dec 20
3
[Bug 965] auto disable/block of ip address
...wing attempts to connect from an ip
address after a certain number of failures. My logs tend to fill up after a
night of script kiddy hell.
1) There should be a way to turn this off/on
2) A way to get the list and re-enable/remove an ip address.
3) An attempt count setting so that after X failures autoblocking happens
I've grown very accustomed to something similar on AS400's. It's very handy to have.
thanx,
-jj-
2005 Dec 19
7
Brute Force Detection + Advanced Firewall Policy
Any BFD/AFP software available for FreeBSD 4.10?
I'm getting flooded with ssh and ftp attempts.