FreeBSD pkg_add little trick

So don't ask me why, but I decided to run FreeBSD 6.0 on an older Dell Latitude laptop. The install went fine, but now I've got an issue: when trying to install a package I get the troublesome ftp error (cannot find this location, dummy). This was quickly resolved with the following.

You can see which ftp directory your FreeBSD system is currently using by reading the error you get when you try to install a bogus package:

# pkg_add -r abc
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-release/Latest/abc.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-release/Latest/abc.tbz' by URL

In this case the system is using packages-6-release/Latest, which contains the 6.9 version of xorg, instead of packages-6-stable, which contains the latest (7.2) version of xorg. Take a peek in both directories on the ftp site and you'll see for yourself.

You can point pkg_add at a different location by setting the PACKAGESITE environment variable; type this as one line:

# setenv PACKAGESITE ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/

And Eureka! No more install issues.
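As an added example (not from the original post), the following Bourne-shell snippet builds the PACKAGESITE URL from the machine's architecture and release string, so the "-release" versus "-stable" choice above becomes an explicit parameter instead of a hand-edited path. The mirror layout is taken from the URLs quoted above; the setenv line in the post is csh/tcsh syntax, and this uses the sh/bash export form instead. The function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Derives the pkg_add -r package
# directory from uname output and the branch you want (release or stable),
# following the ftp path layout shown in the post.

packagesite_url() {
    # $1 = architecture (uname -m), $2 = release string (uname -r),
    # $3 = branch: "release" or "stable"
    arch=$1
    major=${2%%.*}                     # "6.0-RELEASE" -> "6"
    case $3 in
        release|stable) branch=$3 ;;
        *) echo "branch must be 'release' or 'stable'" >&2; return 1 ;;
    esac
    echo "ftp://ftp.freebsd.org/pub/FreeBSD/ports/${arch}/packages-${major}-${branch}/Latest/"
}

# Export PACKAGESITE for the current sh/bash session; pkg_add -r honours it.
use_packagesite() {
    PACKAGESITE=$(packagesite_url "$(uname -m)" "$(uname -r)" "$1") || return 1
    export PACKAGESITE
    echo "PACKAGESITE=$PACKAGESITE"
}

# Usage on the laptop from the post (i386, 6.0-RELEASE, wanting the stable packages):
#   use_packagesite stable && pkg_add -r xorg
```

The constructed call `packagesite_url i386 6.0-RELEASE stable` returns exactly the URL the post sets by hand. Note that pkg_add(1) has since been retired in favour of pkg(8), so this path layout only applies to the legacy package tools the post is about.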

Stopping FTP Brute Force Attacks in FreeBSD and OpenBSD

This is a great little article that I came across about stopping FTP brute-force attacks on OpenBSD or FreeBSD (both of my favorite OSes). It assumes that you're using PF as your firewall (which you should!).

You can easily stop brute-force attacks by limiting connections per IP using the pf firewall under FreeBSD or OpenBSD.

Open /etc/pf.conf

# vi /etc/pf.conf

Update it as follows:

# the list of known FTPD attackers, kept in memory and loaded from this file at boot
table <ftp-attacks> persist file "/etc/pf.ftp.block.list"

# block all incoming connections from attackers on FTPD
# ($ext_if is your external interface macro and must be defined earlier in pf.conf)
block in quick on $ext_if from <ftp-attacks>

# Let us allow FTP with brute-force protection
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 21 keep state (max-src-conn-rate 5/40, overload <ftp-attacks> flush global)

With the rule above, any source that opens more than 5 FTP connections within 40 seconds is added to the ftp-attacks table, its existing states are flushed, and the block rule then drops everything from it. The table only lives in memory, so also append the following line to /etc/rc.shutdown to write it back to the file at shutdown and keep the changes after a reboot:

# echo '/sbin/pfctl -t ftp-attacks -T show > /etc/pf.ftp.block.list' >> /etc/rc.shutdown

Finally, reload pf firewall:

# /etc/rc.d/pf reload

To list the currently blocked attacker IPs, enter:

# pfctl -t ftp-attacks -T show
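The two shell functions below are an added example, not code from the original article or from pf. The first approximates the decision behind "max-src-conn-rate 5/40 ... overload <ftp-attacks>" over a constructed connection log (timestamp and source IP per line), so you can see which addresses the rule would send to the table; pf's real counter is not an exact sliding window, so treat it as an illustration of the rule's intent rather than a re-implementation. The second merges a `pfctl -t ftp-attacks -T show` dump into /etc/pf.ftp.block.list with deduplication, a slightly safer variant of the overwrite in the rc.shutdown line above. The sample log, the IPs in it (documentation ranges) and the function names are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Illustrates the pf overload
# rule and a merge-based persistence step for the ftp-attacks table.

# Print source IPs that opened more than $1 connections inside any $2-second
# window. Input on stdin, one connection per line: "<epoch-seconds> <src-ip>".
rate_offenders() {
    max=$1; win=$2
    sort -n | awk -v max="$max" -v win="$win" '
    {
        n[$2]++
        t[$2, n[$2]] = $1            # per-IP timestamps, already time-sorted
    }
    END {
        for (ip in n) {
            for (i = 1; i <= n[ip]; i++) {
                c = 0
                for (j = i; j <= n[ip] && t[ip, j] - t[ip, i] <= win; j++) c++
                if (c > max) { print ip; break }
            }
        }
    }' | sort
}

# Merge a table dump (output of "pfctl -t ftp-attacks -T show" on stdin; pf
# indents each entry) into the block-list file, deduplicated, instead of
# blindly overwriting whatever is already on disk.
merge_block_list() {
    file=$1
    { [ -f "$file" ] && cat "$file"; cat; } \
        | sed 's/^[[:space:]]*//' | grep -v '^$' | sort -u > "$file.tmp" \
        && mv "$file.tmp" "$file"
}

# Constructed sample log (documentation-range addresses):
#   192.0.2.10   opens 6 connections in 20 seconds  -> exceeds 5/40, blocked
#   198.51.100.7 opens 5 connections in 40 seconds  -> exactly the limit, allowed
#   203.0.113.4  opens 6 connections over 2 minutes -> allowed
sample_log() {
    cat <<'EOF'
1000 192.0.2.10
1003 192.0.2.10
1006 192.0.2.10
1010 192.0.2.10
1015 192.0.2.10
1020 192.0.2.10
1000 198.51.100.7
1010 198.51.100.7
1020 198.51.100.7
1030 198.51.100.7
1040 198.51.100.7
1000 203.0.113.4
1025 203.0.113.4
1050 203.0.113.4
1075 203.0.113.4
1100 203.0.113.4
1120 203.0.113.4
EOF
}

# Running "sample_log | rate_offenders 5 40" prints only 192.0.2.10.
# On a real box the persistence step would be:
#   pfctl -t ftp-attacks -T show | merge_block_list /etc/pf.ftp.block.list
```

One caveat worth checking before reloading pf: the file named in the `table ... persist file` line must already exist, or the rule set fails to load, so create it (an empty file is fine) before the first `pfctl` reload. Run `pfctl -nf /etc/pf.conf` to syntax-check the rules first.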