If you must block the bad actors, it's not that hard to write a cron job to scan your logs for what you want and add them to the table yourself.
I just do it manually for the satisfaction. Each day, if I feel annoyed, I grep | cut | whatever and pass it to pfctl. Gone. Easily automated, even in close to real-time with cron if you want.
You can also find chinese IP lists and just block them wholesale right off the bat. I have had mixed success with this. Either the list is incomplete or wrong, or attacks come from everywhere anyway. That's the nature of a botnet.
Or you could learn to trust ssh, as you seem to implicitly trust pf, and just let it go.
|