From cd6f7994a9c5d6501ce56b57362c7f33f64fa3d5 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Wed, 19 Jul 2023 14:39:45 +0000 Subject: sshguard: T5354: Add service ssh dynamic-protection Sshguard protects hosts from brute-force attacks It can inspect logs and block "bad" addresses by threshold Auto-generates own tables and rules for nftables, so they are not intercept with VyOS firewall rules. When service stops, all generated tables are deleted. set service ssh dynamic-protection set service ssh dynamic-protection allow-from '192.0.2.1' set service ssh dynamic-protection block-time '120' set service ssh dynamic-protection detect-time '1800' set service ssh dynamic-protection threshold '30' --- debian/control | 1 + 1 file changed, 1 insertion(+) (limited to 'debian/control') diff --git a/debian/control b/debian/control index a93c1fdb8..6f92677df 100644 --- a/debian/control +++ b/debian/control @@ -128,6 +128,7 @@ Depends: squid, squidclient, squidguard, + sshguard, ssl-cert, sudo, systemd, -- cgit v1.2.3