Vincent
2021-03-28 06:18:38 UTC
Hello,
I've build a python3 deamon which look for specific patterns in any log file. For each of those patterns you assign a weight. Once the max weight is reached in a period of time the associated IP is added to a pf table for a certain amount of time (1 day typically but can be changed).
You must know python regex to tune it to your specific needs. But samples can guide you.
Details here
https://www.vincentdelft.be/post/post_20170517
Vincent
I've build a python3 deamon which look for specific patterns in any log file. For each of those patterns you assign a weight. Once the max weight is reached in a period of time the associated IP is added to a pf table for a certain amount of time (1 day typically but can be changed).
You must know python regex to tune it to your specific needs. But samples can guide you.
Details here
https://www.vincentdelft.be/post/post_20170517
Vincent
Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon?
For the sake of completeness: blacklistd is a daemon that, using pf
anchors, blocks connections from abusive hosts to parctiular services
(e.g. sshd) until they start behaving themselves again.
I find it very useful for timming down log files.
Regards,
Jean-Pierre
For the sake of completeness: blacklistd is a daemon that, using pf
anchors, blocks connections from abusive hosts to parctiular services
(e.g. sshd) until they start behaving themselves again.
I find it very useful for timming down log files.
Regards,
Jean-Pierre