==== How to prevent Bruteforce ====


Install Bruteblock

<code bash>
 cd /usr/ports/security/bruteblock; make && make install
</code>

Configure Bruteblock

<code bash>
 vi /usr/local/etc/bruteblock/ssh.conf
</code>

Add line similar to following example according to your log in auth.log \\
also you can use line below for commercial SSH \\
OR \\
the line already in your current setting is good enough for standard installation.

<code bash>
 regexp2         = sshd2.*connection from \"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\"
</code>

Change max_count to

<code bash>
 max_count       = 10   (10 tries)
</code>

Change within_time to

<code bash>
 within_time     = 45   (within 45 second)
</code>

Change reset_ip to

<code bash>
 reset_ip       = 3600  (Block for 1 Hr.)
</code>

Enable bruteblock to the rc.conf

<code bash>
bruteblockd_enable="YES"
bruteblockd_table="1"
bruteblockd_flags="-s 60"
</code>

Add following line to /etc/firewall as second entry after flush or you can edit your standard firewall rule file

<code bash>
 add deny ip from table(1) to any
</code>

Apply the changes

<code bash>
 ipfw -f /etc/firewall
</code>

Add following line to /etc/syslog.conf

<code bash>
 auth.info;authpriv.info                         |exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf
</code>

restart syslogd
<code bash>
 /etc/rc.d/syslogd restart
</code>

start bruteblockd

<code bash>
 /usr/local/etc/rc.d/bruteblockd.sh start
</code>

How to check blocked IP

<code bash>
 ipfw table 1 list
</code>

How to flush table

<code bash>
 ipfw table 1 flush
</code>

Anything else in mind - GOOGLE it

==== Using IPFW limiting source ====

This will help you keep you server live during any DDOS or bruteforce.\\
also, make person frustrated due to slow scan.

<code bash>
ipfw add allow tcp from xx.xx.xx.xx/24 to any setup limit src-addr 10
ipfw add allow tcp from any to me setup limit src-addr 4 
</code>

NOTE : First rule is for your internal network. replace xx.xx.xx.xx your internal network.