Steve Litt on 26 Jul 2017 15:14:03 -0700


Re: [PLUG] SSH Hardening : Request for Best Practices


On Wed, 26 Jul 2017 12:17:59 -0400
Rich Kulawiec <rsk@gsp.org> wrote:

> On Wed, Jul 26, 2017 at 09:07:56AM -0400, Louis K wrote:
> > I'd love to hear people's general recommendations for best
> > practices [..]  
> 
> Below is a skeleton pf.conf file
> that will give you a starting point: do NOT deploy this without (a) a
> full understanding of exactly what it does and doesn't do and (b)
> changes suitable for your environment.  

Just to be sure: Your pf.conf is just to convey what to block, right?
Neither my Void Linux nor my Devuan Linux has a package for a pf
filtering firewall, and from my reading the only Linux I found that has
it is Arch, and you need to use a specific kernel for it to work on
Arch.

If you know some way I can put a pf firewall on my normal Linux boxes,
I'd love it.

[snip]

> # define my own network interface
> myboard = "{ eth0 }"
> 
> # define my own addresses
> myself = "{ 192.168.0.1 }"
> 
> # log packet statistics
> set loginterface eth0
[snip]

> # drop all incoming traffic from droplist, edroplist
> block quick log on $myboard from <droplist> to $myself
> block quick log on $myboard from <edroplist> to $myself

Why $myself instead of your whole subnet or maybe even all IPs?

Thanks,

SteveT

Steve Litt 
July 2017 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug