What are you guys using for firewalls at home?

Rob

I've been using Untangle on a Dell R210 for the past few years - it's based on Debian and has been pretty solid. I've been thinking of switching to pfSense though to see what the differences are.
 


I've been using the default firewall in RouterOS on my MikroTik RouterBOARD.
 
Currently just using the firewall that is in my router, but will be moving and will take the opportunity to switch to a pfSense firewall.
 
I too am interested in setting up a home firewall. I am considering pfSense and Untangle. Been watching YouTube videos on both. Untangle seems to be easier to use with few advanced options. I will try Untangle first, seeing as you have had no problems with it. I plan to put it onto a cheap low-powered PC I can get my hands on and see how it goes.
 
I'm using csf/lfd. But I'd have liked something even more customizable, such as automatically banning any IPs from which root ssh logins are attempted. But I like the fact that it's on top of iptables.
 
csf/lfd bans failed login attempts as long as it's x times within x seconds. You can tweak it in your csf.conf. I think by default, it's 5 times within 300 seconds.
 
I know and I've already tinkered with that. But the user one tries to log in with is not a criterion for lfd, at least not by default. What I'd have liked was an immediate ban for anyone trying to log in with the root user. Some time ago someone suggested adding some Perl code in order to match 'root', etc. Rather difficult - I'm still not sure if I'll ever learn Perl, but maybe I'll try. Now I'm struggling with awk :)
 
You could set up a script to keep an eye on lastb (type lastb, it'll show you failed logins) for the root user and ban the top 10 (or 20 etc..) in csf..

First step, find the top 10 offenders:
Code:
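# Match the user column exactly; a plain grep for "root" also hits other users and hostnames containing it
lastb | awk '$1 == "root" {print $3}' | sort | uniq -c | sort -n | awk '{print $2}' | tail -n 10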

Then, ban them w/ csf like:
Code:
# Deny each of the top 10 source addresses in csf
for m in $(lastb | awk '$1 == "root" {print $3}' | sort | uniq -c | sort -n | awk '{print $2}' | tail -n 10); do csf -d "$m"; done

Put it in a script in /usr/local/bin/ or something and call it from cron daily.

Note: to see the staggering amount of people trying to log in as root and showing their attempt count, type this:
Code:
# Attempt count per source address, lowest first
lastb | awk '$1 == "root" {print $3}' | sort | uniq -c | sort -n

Rob
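
A threshold-based variant of the lastb + csf steps above, as an added example that is not part of the original posts. The function names, the `THRESHOLD`, `ALLOWLIST` and `DRY_RUN` variables and the sample rows are assumptions made for illustration; it bans every address at or over a failure count rather than a fixed top 10, never bans allowlisted addresses, and only prints the `csf -d` commands unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example (not from the thread): ban by threshold instead of "top 10".
THRESHOLD=${THRESHOLD:-3}            # assumed: minimum failed root logins
ALLOWLIST=${ALLOWLIST:-192.0.2.10}   # assumed: space-separated IPs never banned

# Emit $1 constructed rows in lastb's column layout: user, tty, host, time.
rows() {
  i=0
  while [ "$i" -lt "$1" ]; do
    printf '%-8s ssh:notty    %-16s Mon Jan  6 10:00 - 10:00  (00:00)\n' "$2" "$3"
    i=$((i + 1))
  done
}

# Constructed sample standing in for real lastb output.
sample_lastb() {
  rows 4 root   203.0.113.5
  rows 3 root   198.51.100.7
  rows 2 admin  198.51.100.7    # not root: ignored
  rows 5 root   192.0.2.10      # allowlisted: ignored
  rows 3 rooter 203.0.113.9     # a substring match on "root" would count this user
  rows 2 root   203.0.113.77    # below threshold
  printf '\nbtmp begins Mon Jan  6 09:58:12 2025\n'
}

# stdin: lastb lines. stdout: "count ip", highest count first.
root_offenders() {
  awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    $1 == "root" && NF >= 3 && !($3 in skip) { hits[$3]++ }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | sort -rn
}

# stdin: "count ip". Prints the csf commands unless DRY_RUN=0, then runs them.
ban_offenders() {
  while read -r count ip; do
    if [ "${DRY_RUN:-1}" = 1 ]; then
      printf 'csf -d %s "%s failed root logins"\n' "$ip" "$count"
    else
      csf -d "$ip" "$count failed root logins" </dev/null
    fi
  done
}

sample_lastb | root_offenders | ban_offenders   # dry run on the sample
# Live use: export DRY_RUN=0, then: lastb | root_offenders | ban_offenders
```

Putting your own management address in `ALLOWLIST` keeps a mistyped root password from locking you out of the box.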
 
Isn't there an automated service that will do that for you Rob?
 

