sshlockout setting

Started by morik_opnsense, December 01, 2022, 12:06:03 AM

Hello experts,

Issue: After 3 consecutive failed attempts at ssh'ing as root, from a LAN machine (say ip1), I was no longer able to ssh.
Fix: ssh as root from a different machine (ip2), issued pfctl -T flush -t sshlockout to flush the entry, and life was good.

Questions:

  • When viewing Firewall->Diagnostics->Sessions->'select rule' sshlockout had two entries for the rule. Why? One for LAN and another for WAN interface?
  • Neither of the entries showed the culprit IP address (ip1). Both entries were empty.
  • For my future reference, how does one view entries in sshlockout table of pfctl?
  • For my future reference, which configuration parameter does one tweak to adjust sshlockout? e.g. increase or decrease # of consecutive attempts? or total # of attempts in X mins etc?

Your time and responses are much appreciated.