What are you guys using for firewalls at home?



Steve

New Member
Credits
0
Currently just using the firewall that is in my router, but will be moving and will take the opportunity to switch to a pfsense firewall.
 

KarlLinux

New Member
Credits
0
I too am interested in setting up a home firewall. I am considering pfsense and untangle. Been watching YouTube videos on both. Untangle seems to be easier to use with few advanced options. I will try untangle first seem as though you have had no problems with it. I plan to put onto a cheap low-powered PC I can get my hands on and see how it goes.
 

lethargos

New Member
Credits
0
I'm using csf/lfd. But I'd have liked something even more customable, such as automatically banning any IPs from which root ssh logins are attempted. But I like the fact that it's on top of iptables.
 

Rob

Administrator
Staff member
Credits
19
I'm using csf/lfd. But I'd have liked something even more customable, such as automatically banning any IPs from which root ssh logins are attempted. But I like the fact that it's on top of iptables.
csf/lfd bans failed login attempts as long as its x times within x seconds. You can tweak it in your csf.conf. I think by default, it's 5 times within 300 seconds.
 

lethargos

New Member
Credits
0
I know and I've already tinkered with that. But the user one tries to log in with is not a criterion for lfd, at least not by default. What I'd have liked was an immediate ban for anyone trying to log in with the root user. Some time ago someone suggested adding some perl code in order to match 'root', etc. Rather difficult - I'm still not sure if I'll ever learn perl, but maybe I'll try. Now I'm struggling with awk :)
 

Rob

Administrator
Staff member
Credits
19
You could set up a script to keep an eye on lastb (type lastb, it'll show you failed logins) for the root user and ban the top 10 (or 20 etc..) in csf..

First step, find the top 10 offenders:
Code:
lastb|grep root|awk '{print $3}'|sort|uniq -c|sort -n|awk '{print $2}'|tail -n 10
Then, ban them w/ csf like:
Code:
for m in $(lastb|grep root|awk '{print $3}'|sort|uniq -c|sort -n|awk '{print $2}'|tail -n 10);do csf -d $m;done
Put it in a script in /usr/local/bin/ or something and call it from cron daily.

Note: to see the staggering amount of people trying to log in as root and showing their attempt count, type this:
Code:
lastb|grep root|awk '{print $3}'|sort|uniq -c|sort -n
Rob
 


Members online


Top