Debian DokuWiki

Install Bruteblock

 cd /usr/ports/security/bruteblock; make && make install

Configure Bruteblock

 vi /usr/local/etc/bruteblock/ssh.conf

Add line similar to following example according to your log in auth.log
also you can use line below for commercial SSH
OR
the line already in your current setting is good enough for standard installation.

 regexp2         = sshd2.*connection from \"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\"

Change max_count to max_count = 10 (10 tries)

Change within_time to within_time = 45 (within 45 second)

Change reset_ip to reset_ip = 3600 (Block for 1 Hr.)

Enable bruteblock to the rc.conf

bruteblockd_enable=“YES” bruteblockd_table=“1” bruteblockd_flags=“-s 60”

Add following line to /etc/firewall as second entry after flush add deny ip from table(1) to any

Apply the changes ipfw -f /etc/firewall

Add following line to /etc/syslog.conf

auth.info;authpriv.info |exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf

restart syslogd /etc/rc.d/syslogd restart

start bruteblockd /usr/local/etc/rc.d/bruteblockd.sh start

How to check blocked IP ipfw table 1 list

How to flush table ipfw table 1 flush

Anything else in mind - GOOGLE it