[HOWTO] FreeBSD 7.x 8.x + IPFW + Brute Force Monitor + block_ip.sh

It seems that the currently available iptables script (http://files.directadmin.com/services/all/block_ips/2.0/iptables) is missing a rule when the end user tries to log in to the FTP server with his FTP client set to use FTP over TLS.

So after reading
"Because the ftp helper modules must read and modify commands being sent over the command channel, they won't work when the command channel is encrypted through use of TLS/SSL."
from here
http://serverfault.com/questions/234674/setting-up-linux-iptables-for-ftp-pasv-mode-connections
I added
-A INPUT -p tcp --dport 50000:60000 -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
to my iptables. Of course, with the right passive port range in my ftpd configuration.
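A check for the caveat in that post (the firewall's passive port range has to match the one in the ftpd configuration), added here as an example; it is not from this thread or from DirectAdmin's script. It parses `iptables-save` style text, and the ruleset below is constructed to mirror the rule quoted above.

```python
import re

# Constructed sample of `iptables-save` output modelled on the rule in the
# post above (hypothetical ruleset, not taken from any real server).
SAMPLE_IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 50000:60000 -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
COMMIT
"""

_DPORT_RE = re.compile(r"--dport\s+(\d+)(?::(\d+))?")


def accepted_tcp_ranges(iptables_save_text):
    """Return (low, high) port ranges accepted by plain INPUT rules for TCP.

    Only '-A INPUT ... -p tcp ... --dport ... -j ACCEPT' rules are read.
    With FTP over TLS the conntrack FTP helper cannot see the PASV reply,
    so the passive range must be opened by an explicit rule like these.
    """
    ranges = []
    for line in iptables_save_text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["-A", "INPUT"]:
            continue
        if "-p" not in tokens or tokens[tokens.index("-p") + 1] != "tcp":
            continue
        if "-j" not in tokens or tokens[tokens.index("-j") + 1] != "ACCEPT":
            continue
        match = _DPORT_RE.search(line)
        if match:
            low = int(match.group(1))
            high = int(match.group(2)) if match.group(2) else low
            ranges.append((low, high))
    return ranges


def passive_range_covered(iptables_save_text, pasv_low, pasv_high):
    """True if a single ACCEPT rule spans the whole ftpd passive range."""
    return any(low <= pasv_low and pasv_high <= high
               for low, high in accepted_tcp_ranges(iptables_save_text))
```

Feed it the real output of `iptables-save` and the PassivePorts (or equivalent) values from the ftpd configuration; a False result means TLS data connections will be dropped even though the helper-based rules look complete.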
 
First let me thank you for your article (first post)

I have done all the steps. In DA I have a list of banned IPs, and they keep being added to the ban list after each report of BF, but unfortunately these IPs are not actually getting blocked via IPFW.

I tested one of my own IPs and I am still able to connect to server (load DA, websites, webmail and so on)

I would appreciate it if you could help me solve this issue.

Thank you very much
 
Not working automatically for me - have to manually add IPs

I went through the howto, but it is not automatically working for me. It works manually, where I manually add the IPs to the block list, but it won't automatically block abusing IPs. Any ideas why this may be?
 
Rebooted and lost all blocked IPs

Hi,

I rebooted the server and lost the whole list of blocked IPs. Surely it's not supposed to do this.
 