Steve Litt on 26 Jul 2017 15:14:03 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SSH Hardening : Request for Best Practices

On Wed, 26 Jul 2017 12:17:59 -0400
Rich Kulawiec <> wrote:

> On Wed, Jul 26, 2017 at 09:07:56AM -0400, Louis K wrote:
> > I'd love to hear people's general recommendations for best
> > practices [..]  
> Below is a skeleton pf.conf file
> that will give you a starting point: do NOT deploy this without (a) a
> full understanding of exactly what it does and doesn't do and (b)
> changes suitable for your environment.  

Just to be sure: Your pf.conf is just to convey what to block, right?
Neither my Void Linux nor my Devuan Linux has a package for a pf
filtering firewall, and from my reading the only Linux I found that has
it is Arch, and you need to use a specific kernel for it to work on

If you know some way I can put a pf firewall on my normal Linux boxes,
I'd love it.


> # define my own network interface
> myboard = "{ eth0 }"
> # define my own addresses
> myself = "{ }"
> # log packet statistics
> set loginterface eth0

> # drop all incoming traffic from droplist, edroplist
> block quick log on $myboard from <droplist> to $myself
> block quick log on $myboard from <edroplist> to $myself

Why $myself instead of your whole subnet or maybe even all IPs?



Steve Litt 
July 2017 featured book: Quit Joblessness: Start Your Own Business
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --