Diffusion vyos-1x cd6f7994a9c5

sshguard: T5354: Add service ssh dynamic-protection
cd6f7994a9c5
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

sshguard: T5354: Add service ssh dynamic-protection

Sshguard protects hosts from brute-force attacks
It can inspect logs and block "bad" addresses by threshold
Auto-generates own tables and rules for nftables, so they are not
intercept with VyOS firewall rules.
When service stops, all generated tables are deleted.

set service ssh dynamic-protection
set service ssh dynamic-protection allow-from '192.0.2.1'
set service ssh dynamic-protection block-time '120'
set service ssh dynamic-protection detect-time '1800'
set service ssh dynamic-protection threshold '30'

Details

Provenance

Authored on Jul 19 2023, 2:39 PM

Parents

rVYOSONEX64cc7d7e3b9e: Merge pull request #2057 from c-po/t5313-backport

Branches

Loading...

Tags

Loading...

Event Timeline

Viacheslav committed rVYOSONEXcd6f7994a9c5: sshguard: T5354: Add service ssh dynamic-protection (authored by Viacheslav).Jul 19 2023, 2:39 PM

Changes (6)

Path

Size

data/

templates/

ssh/

sshguard_config.tmpl

sshguard_whitelist.tmpl

debian/

interface-definitions/

smoketest/

scripts/

cli/

test_service_ssh.py

src/

conf_mode/

rVYOSONEXcd6f7994a9c5

data/templates/ssh/sshguard_config.tmpl

Loading...

data/templates/ssh/sshguard_whitelist.tmpl

Loading...

debian/control

Loading...

interface-definitions/ssh.xml.in

Loading...

smoketest/scripts/cli/test_service_ssh.py

Loading...

src/conf_mode/ssh.py

Loading...