What are you guys using for firewalls at home?

Rob

Administrator
Staff member
Joined
Oct 27, 2011
Messages
932
Reaction score
1,809
Credits
1,241
I've been using untangle on a Dell r210 for the past few years - it's based on Debian and has been pretty solid. I've been thinking of switching to pfsense though to see what the differences are.
 


ryanvade

Moderator
Joined
Apr 24, 2017
Messages
64
Reaction score
104
Credits
0
I've been using the default firewall in RouterOS on my microtik routerboard.
 

Steve

New Member
Joined
Apr 25, 2017
Messages
15
Reaction score
24
Credits
0
Currently just using the firewall that is in my router, but will be moving and will take the opportunity to switch to a pfsense firewall.
 

KarlLinux

New Member
Joined
May 2, 2017
Messages
17
Reaction score
7
Credits
0
I too am interested in setting up a home firewall. I am considering pfsense and untangle. Been watching YouTube videos on both. Untangle seems to be easier to use with few advanced options. I will try untangle first seem as though you have had no problems with it. I plan to put onto a cheap low-powered PC I can get my hands on and see how it goes.
 

lethargos

New Member
Joined
May 8, 2017
Messages
3
Reaction score
0
Credits
0
I'm using csf/lfd. But I'd have liked something even more customable, such as automatically banning any IPs from which root ssh logins are attempted. But I like the fact that it's on top of iptables.
 
OP
Rob

Rob

Administrator
Staff member
Joined
Oct 27, 2011
Messages
932
Reaction score
1,809
Credits
1,241
I'm using csf/lfd. But I'd have liked something even more customable, such as automatically banning any IPs from which root ssh logins are attempted. But I like the fact that it's on top of iptables.
csf/lfd bans failed login attempts as long as its x times within x seconds. You can tweak it in your csf.conf. I think by default, it's 5 times within 300 seconds.
 

lethargos

New Member
Joined
May 8, 2017
Messages
3
Reaction score
0
Credits
0
I know and I've already tinkered with that. But the user one tries to log in with is not a criterion for lfd, at least not by default. What I'd have liked was an immediate ban for anyone trying to log in with the root user. Some time ago someone suggested adding some perl code in order to match 'root', etc. Rather difficult - I'm still not sure if I'll ever learn perl, but maybe I'll try. Now I'm struggling with awk :)
 
OP
Rob

Rob

Administrator
Staff member
Joined
Oct 27, 2011
Messages
932
Reaction score
1,809
Credits
1,241
You could set up a script to keep an eye on lastb (type lastb, it'll show you failed logins) for the root user and ban the top 10 (or 20 etc..) in csf..

First step, find the top 10 offenders:
Code:
lastb|grep root|awk '{print $3}'|sort|uniq -c|sort -n|awk '{print $2}'|tail -n 10

Then, ban them w/ csf like:
Code:
for m in $(lastb|grep root|awk '{print $3}'|sort|uniq -c|sort -n|awk '{print $2}'|tail -n 10);do csf -d $m;done

Put it in a script in /usr/local/bin/ or something and call it from cron daily.

Note: to see the staggering amount of people trying to log in as root and showing their attempt count, type this:
Code:
lastb|grep root|awk '{print $3}'|sort|uniq -c|sort -n

Rob
 

ryanvade

Moderator
Joined
Apr 24, 2017
Messages
64
Reaction score
104
Credits
0
Isn't there an automated service that will do that for you Rob?
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation


Top