Blockor protects BSD Unix servers from brute-force attacks. It works on top of the OpenBSD Packet Filter (PF) firewall.
- BSD operating system: FreeBSD or OpenBSD with Packet Filter (PF) enabled.
git clone https://github.com/muktadiur/blockor.git
# root|doas|sudo required.
cd blockor
make install
blockor enable
or
sysrc blockord_enable=YES # FreeBSD
rcctl enable blockord # OpenBSD
table <blockor> persist
block drop in quick on egress from <blockor> to any
make uninstall
Blockor protects FreeBSD, OpenBSD servers from brute-force attacks.
Usage:
blockor command [args]
Available Commands:
check Check blockor.conf file and show config for /etc/pf.conf.
start Start the blockord daemon.
stop Stop the blockord daemon.
restart Restart the blockord daemon.
enable Start the blockord daemon at boot.
disable Not start the blockord daemon at boot.
add Add IP to blocked list.
remove Remove IP from blocked list.
flush Remove all entries from blocked list.
list Show blocked list with the failed count.
status Running or Stopped (enabled|disabled)
Use "blockor -v|--version" for version info.
bsd# blockor check
blockor(ok)
Add to /etc/pf.conf and run pfctl -f /etc/pf.conf(if not already done):
table <blockor> persist
block drop in quick on egress from <blockor> to any
bsd# blockor start
blockord(running)
bsd# blockor stop
blockord(stopped)
bsd# blockor restart
blockord(stopped)
blockord(running)
bsd# blockor remove 192.168.56.2
blockor(removed)
# or if multiple
bsd# blockor remove 192.168.56.45 192.168.56.151 192.168.56.152
blockor(removed)
bsd# blockor add 192.168.56.2
blockor(ok)
# or if multiple
bsd# blockor add 192.168.56.45 192.168.56.151 192.168.56.152
blockor(ok)
# whitelisted IP will be skipped.
bsd# blockor add 192.168.56.20
blockor(whitelisted. skipped. 192.168.56.20)
bsd# blockor status
blockord(running.enabled)
enabled - will start at boot
disabled - will not start at boot
bsd# blockor list
Total 1 IP(s) blocked
192.168.56.2
count IP
11 192.168.56.2
2 192.168.56.30
1 192.168.56.21
bsd# blockor flush
blockor(flushed)
Change the values of blockor_whitelist, max_tolerance, and search_pattern as needed. It is better not to change the other values.
blockord="/usr/local/libexec/blockor/blockord.sh"
blockor="/usr/local/bin/blockor"
blockor_file="/tmp/blockor_blockedlist"
blockor_log_file="/var/log/blockord.log"
blockor_whitelist="192.168.56.20 192.168.56.102"
search_pattern="Disconnected from authenticating user root|Failed password"
max_tolerance=10
auth_file="/var/log/auth.log" # FreeBSD
auth_file="/var/log/authlog" # OpenBSD
An IP is blocked after more than 10 failed activities (the max_tolerance value). Change it to any number.
Add any text pattern to search_pattern, using | as the delimiter.
Example: search_pattern="Bad protocol version identification|..other patterns"
IPs in blockor_whitelist are excluded from blocking. Add IPs separated by spaces.
blockor_whitelist="192.168.56.20 192.168.56.102"
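The way search_pattern, max_tolerance and blockor_whitelist interact, shown as an added example that is not blockor's own code: it counts matching lines per source IP in constructed auth.log lines and prints the IPs that would qualify for blocking. The IPv4 extraction regex, the function names and the lowered max_tolerance=2 are assumptions made for the sample.

```sh
#!/bin/sh
# Added example, not blockord.sh: the IP extraction and counting below are
# assumptions about how the documented settings could be applied.

# Settings named as in blockor.conf (max_tolerance lowered for the sample).
search_pattern="Disconnected from authenticating user root|Failed password"
blockor_whitelist="192.168.56.20 192.168.56.102"
max_tolerance=2

# Constructed sshd lines in auth.log style.
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 bsd sshd[811]: Failed password for root from 192.168.56.2 port 50112 ssh2
Jan 10 10:00:03 bsd sshd[811]: Failed password for root from 192.168.56.2 port 50112 ssh2
Jan 10 10:00:05 bsd sshd[813]: Failed password for invalid user admin from 192.168.56.2 port 50114 ssh2
Jan 10 10:00:07 bsd sshd[815]: Disconnected from authenticating user root 192.168.56.30 port 41000 [preauth]
Jan 10 10:00:09 bsd sshd[817]: Accepted publickey for ops from 192.168.56.2 port 50120 ssh2
Jan 10 10:00:11 bsd sshd[819]: Failed password for root from 192.168.56.20 port 60001 ssh2
Jan 10 10:00:12 bsd sshd[819]: Failed password for root from 192.168.56.20 port 60001 ssh2
Jan 10 10:00:13 bsd sshd[819]: Failed password for root from 192.168.56.20 port 60001 ssh2
EOF
}

# Print "count IP" for each IPv4 address on lines matching search_pattern.
failed_counts() {
    grep -E "$search_pattern" |
        grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Print IPs with more than max_tolerance matches that are not whitelisted.
block_candidates() {
    failed_counts | while read -r count ip; do
        [ "$count" -gt "$max_tolerance" ] || continue
        case " $blockor_whitelist " in
            *" $ip "*) continue ;;   # whitelisted, never blocked
        esac
        echo "$ip"
    done
}

sample_log | block_candidates
```

The accepted login from 192.168.56.2 is not counted because it matches no alternative in search_pattern, and 192.168.56.20 is skipped despite three failures because it is whitelisted.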
├── LICENSE
├── Makefile
├── README.md
├── freebsd
│   ├── Makefile
│   └── usr
│       └── local
│           ├── etc
│           │   ├── blockor.conf
│           │   └── rc.d
│           │       └── blockord
│           ├── man
│           │   └── man8
│           │       └── blockor.8.gz
│           └── share
│               └── examples
│                   └── blockor
│                       └── blockor.example.conf
├── images
│   └── blockor.png
├── openbsd
│   ├── Makefile
│   ├── etc
│   │   └── rc.d
│   │       └── blockord
│   └── usr
│       └── local
│           ├── etc
│           │   └── blockor.conf
│           ├── man
│           │   └── man8
│           │       └── blockor.8.gz
│           └── share
│               └── examples
│                   └── blockor
│                       └── blockor.sample.conf
└── usr
    └── local
        ├── bin
        │   └── blockor
        └── libexec
            └── blockor
                └── blockord.sh