Topic: Howto disable brute force login (Read 5301 times)
klaasth
« on: March 04, 2019, 02:49:26 pm »
Dear
OPNsense uses default sshlockout_pf to lock out brute-force attempts from SSH. I would like to block brute-force attempts on the HTTPS web page of OPNsense. I tried 30 times in a row to log in with a false password for root and the system still allows me to log on.
My question: Is there a way to set a maximum of 5 login attempts on HTTPS?
Kind regards
Bagoline
« Reply #1 on: March 04, 2019, 02:59:51 pm »
Normally, you don't allow access to the firewall from all IP addresses, because you will be locked out when the threshold is reached.
It's better if you access the firewall through an OpenVPN.
We have enabled a temp lockout mechanism but through the LDAP back-end authentication.
Again, not from the WAN interface but from a private, least-exposed firewall interface.
klaasth
« Reply #2 on: March 05, 2019, 08:47:12 am »
Thanks Bagoline for the info.
So my OPNsense firewall is safe from brute-force attacks when it is only possible to log on to the web interface:
on a specific VLAN which is not accessible for normal users
or when connected to VPN
Kind regards
3kj2w
« Reply #3 on: March 06, 2019, 09:33:06 pm »
I remember some time ago I modded all my firewall installs to allow web access only from 127.0.0.1, and I forward the secure web interface port over an SSH tunnel... Extra security steps I have in my config: I can access SSH only from VPN, one interface not shared with V/LANs and one defined IP for V/LANs.
« Last Edit: March 06, 2019, 09:40:10 pm by 3kj2w »