diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-07-19 14:39:45 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-07-19 14:39:45 +0000 |
commit | cd6f7994a9c5d6501ce56b57362c7f33f64fa3d5 (patch) | |
tree | 76fb06848729084eadf364d17a28e048657211de /interface-definitions/include | |
parent | 64cc7d7e3b9e2f0f8e16cb95272336062700b91f (diff) | |
download | vyos-1x-cd6f7994a9c5d6501ce56b57362c7f33f64fa3d5.tar.gz vyos-1x-cd6f7994a9c5d6501ce56b57362c7f33f64fa3d5.zip |
sshguard: T5354: Add service ssh dynamic-protection
Sshguard protects hosts from brute-force attacks
It can inspect logs and block "bad" addresses by threshold
Auto-generates own tables and rules for nftables, so they are not
intercept with VyOS firewall rules.
When service stops, all generated tables are deleted.
set service ssh dynamic-protection
set service ssh dynamic-protection allow-from '192.0.2.1'
set service ssh dynamic-protection block-time '120'
set service ssh dynamic-protection detect-time '1800'
set service ssh dynamic-protection threshold '30'
Diffstat (limited to 'interface-definitions/include')
0 files changed, 0 insertions, 0 deletions