Quote:
Originally Posted by There0
pass in log quick on { $EXT, $INT } inet proto tcp from ip.addr.allowed to { $EXT } port $TCP_SVCS flags S/SA modulate state (max-src-conn 10, max-src-conn-rate 3/10, overload <bruteforce> flush global)
I have a similar rule in my pf.conf for port 80. Since ssh listens on a port other than 22 (for safety reasons), I simply want to make a similar rule, but with block instead of pass, so that everyone who tries to connect to port 22 is automatically put in the attackers table.