You should check installation instructions contained in INSTALL file if you are installing BruteForceBlocker v1.2 and later. Basically, you will need to proceed these steps:

You will need to add a new table to the pf config file. You can do so by adding lines to the pf.conf similar to these:

table <bruteforce> persist file “/path/to/tables/file”
block in log quick proto tcp from <bruteforce> to any port ssh

You will also need to add another auth line in /etc/syslog.conf similar to this one (note that you should keep your original one, since the BruteForceBlocker no longer logs to the auth.log file, instead it logs throught syslog module):; | exec /path/to/

You should also consider starting syslogd with -c option.

7 thoughts on “Installation

  1. CDSU


    youre kidding right? if you do not know what kind of table Daniel is talking about then you really should either contact your network admin or do some heavy reading on FreeBSD and PF ( thats stands for packet filter). By not doing so you can really do some damage to your network.
    This should be a good start for you


  2. danger Post author

    unfortunately, that is impossible currently. Someone would need to create an ipfw port of BruteForceBlocker. This actually would probably not be too much work…

  3. len conrad

    What about attacks on ftp,


    on smtp where “connect from” is logged 1000s of times/day for an IP.

    I was using bruteblock but it works only with ipfw and had some screwey failure adding IPs


  4. danger Post author

    The procedure is pretty the same. You just have to add the corresponding regular expressions to the bruteforceblocker script.

Leave a Reply

Your email address will not be published. Required fields are marked *