Additionally,
Code:
# open ssh port - protect ssh server from bruteforce attacks (actual offenders will be picked up by sshguard)
pass in on egress proto tcp \
from any to (egress) port ssh \
synproxy state (max-src-conn 15, max-src-conn-rate 5/3)
really needs a <table> inclusion
Code:
# open ssh port - protect ssh server from bruteforce attacks (actual offenders will be picked up by sshguard)
pass in on egress proto tcp \
from any to (egress) port ssh \
synproxy state (max-src-conn 15, max-src-conn-rate 5/3 overload <sshbrutes> flush global)
And the -- comprehensive -- way to write the rule goes ...
Code:
# open ssh port - protect ssh server from bruteforce attacks (actual offenders will be picked up by sshguard)
table <sshbrutes> persist { }
#
# pf's "!" negates a single host, not a { list }, so the exclusions
# (our own address and the overload table) go in a block rule that is
# evaluated before the pass rule
block in quick on egress inet proto tcp \
from { (egress:0), <sshbrutes> } to (egress:0) port ssh
#
pass in log quick on egress inet proto tcp \
from any to (egress:0) port ssh \
synproxy state (max-src-conn 15, max-src-conn-rate 5/3 overload <sshbrutes> flush global)
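To see what the two limits and the overload table actually do, here is a small Python model of the rule's bookkeeping (an added illustration, not pf's own code): max-src-conn counts open states per source, max-src-conn-rate counts new states per source in a fixed 3-second window (a simplification of pf's per-source node accounting), and the first violation puts the source into <sshbrutes> and, with flush global, kills all of its states. Addresses and timestamps are constructed test values.

```python
from dataclasses import dataclass, field


@dataclass
class SrcNode:
    conn: int = 0           # open states from this source (max-src-conn)
    rate_count: int = 0     # new states in the current window (max-src-conn-rate)
    rate_last: float = 0.0  # start of the current window


@dataclass
class SshRule:
    max_src_conn: int = 15       # max-src-conn 15
    rate_limit: int = 5          # max-src-conn-rate 5/3
    rate_seconds: int = 3
    flush_global: bool = True    # "flush global": kill every state of the source
    nodes: dict = field(default_factory=dict)
    sshbrutes: set = field(default_factory=set)  # the overload <sshbrutes> table
    states: list = field(default_factory=list)   # (src, dst_port) of all open states

    def new_connection(self, src, now, dst_port=22):
        """Return True if the SYN is accepted, False if it is dropped."""
        if src in self.sshbrutes:
            return False  # the block rule in front of the pass rule drops it
        node = self.nodes.setdefault(src, SrcNode(rate_last=now))
        if now - node.rate_last >= self.rate_seconds:
            node.rate_count, node.rate_last = 0, now  # window expired, start a new one
        node.rate_count += 1
        node.conn += 1
        self.states.append((src, dst_port))
        over_limit = (node.conn > self.max_src_conn
                      or node.rate_count > self.rate_limit)
        if over_limit:
            self.sshbrutes.add(src)  # overload <sshbrutes>
            if self.flush_global:
                # flush global: drop states from this source created by *any* rule
                self.states = [s for s in self.states if s[0] != src]
                node.conn = 0
            return False
        return True
```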