Progress migrating to list

Joe Nelson joe at begriffs.com
Sun Sep 30 17:37:44 UTC 2018


> > I should also write up the story about how Joe helped me fend off
> > hackers when we configured fail2ban for postfix.
> 
> I certainly want the story on that. Type it up and put it on your weblog.
> Or, send it in an email and it will be archived here -- I guess. Or, we
> can host a weblog of sorts on frostbyte.

I learned that in true OpenBSD style, they have stateful packet
filtering [1] built right into pf, which means I can implement similar
functionality on this BSD box as we did on your machine, but without
the extra moving parts of fail2ban. [2] This technique doesn't involve
looking at log files for offending lines, but simply tracks how many
connections a host is making in what time period, and adds the host to a
block list above a threshold.

Luckily I haven't seen evil traffic in my logs yet... Probably only a
matter of time.

1: https://www.openbsd.org/faq/pf/filter.html#stateopts
2: https://www.reddit.com/r/openbsd/comments/5e6u61/fail2ban_on_openbsd_60/#thing_t1_daa58bg

