Piero Bosio Social Web Site Personale

Social Forum federato con il resto del mondo. Non contano le istanze, contano le persone

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Hot take: pf's built-in connection tracking beats fail2ban/sshguard hands down.

Uncategorized

1 Posts 1 Posters 0 Views

undefined This user is from outside of this forum
undefined This user is from outside of this forum
Larvitz

wrote last edited by

#1

Hot take: pf's built-in connection tracking beats fail2ban/sshguard hands down.
One simple ruleset gives you automatic brute-force protection with ZERO userland daemons. No log parsing, no reaction delays, no additional attack surface.
table <bruteforce> persist
pass in proto tcp to port 22 flags S/SA (max-src-conn 5, max-src-conn-rate 3/30, overload <bruteforce> flush global)
Kernel-level enforcement, instant blocking, survives reboots with persist.
Why spawn Python processes when your firewall already knows?
#bsd #freebsd #runbsd #firewall #pf #sysadmin
1 Reply Last reply
1
undefined Stefano Marinelli shared this topic

Feed RSS

Hot take: pf's built-in connection tracking beats fail2ban/sshguard hands down.

Gli ultimi otto messaggi ricevuti dalla Federazione

undefined
Elena Rossini ⁂

@MichelPatrice un ENORME merci à toi Michel pour tous tes excellents conseils ✨ 🏆 ✨

read more
undefined
Elena Rossini ⁂

@MichelPatrice 😂 💀

read more
undefined
Elena Rossini ⁂

@mala aw! thank you for the kind offer Davide.
In my pre-mom days I would have booked a flight to Milano stat, but alas cannot do it now on such short notice for my family. Thank you though, I really appreciate! ❤️

read more
undefined
Kenobit

Ma quanto era illuminata la musica del canale delle previsioni del tempo del Wii?
https://youtu.be/U4gv28y82uM
#discoDelGiorno

read more
undefined
aeva

@kr4ft3r noice

read more
undefined
aeva

@celestia but there's games and stuff tho :O

read more
undefined
慈悲

@aeva mine can pirate movies

read more
undefined
LasolitaLaura

@Alberto 😂 è molto molto cool

read more

@pierobosio@soc.bosio.info

Post suggeriti

undefined

Will be working on a new build of BastilleBSD
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized freebsd advisory bastillebsd
1

0 Votes

1 Posts

5 Views

undefined

Will be working on a new build of BastilleBSD .iso images to include the latest advisory fixes and base updates.In the meantime, here's your reminder to `pkg upgrade` / `freebsd-update fetch install` on your FreeBSD systems.#FreeBSD #advisory #bastilleBSD
undefined

Best NTP daemon?
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized freebsd linux openbsd infrastructure ntp
1

0 Votes

1 Posts

7 Views

undefined

Best NTP daemon?#FreeBSD #Linux #OpenBSD #Infrastructure #NTP
undefined

Returning to the Valley from SF, feeling mostly quite tired (in a generally good way).
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized homelab networking linux freebsd engineering nvidia mellanox
3

4

0 Votes

3 Posts

14 Views

undefined

@winterschon@mastodon.bsd.cafe My concern with the Mikrotik PCI-E card is the lack of a switch chip, meaning the CPU can very easily eat into the line rate potential for traffic forwarding. That's why it never has caught on with a regular DPU / Smart NIC, in my book.
undefined

EuroBSDCon starts tomorrow
Watching Ignoring Scheduled Pinned Locked Moved Uncategorized eurobsdconadvent eurobsdcon bsd freebsd openbsd netbsd dragonflybsd zfs
5

0 Votes

5 Posts

26 Views

undefined

@kaveman thank you! I can’t wait!

Piero Bosio Social Web Site Personale

Hot take: pf's built-in connection tracking beats fail2ban/sshguard hands down.

Feed RSS

Gli ultimi otto messaggi ricevuti dalla Federazione

Post suggeriti

Will be working on a new build of BastilleBSD

Best NTP daemon?

Returning to the Valley from SF, feeling mostly quite tired (in a generally good way).

EuroBSDCon starts tomorrow