7th January 2010
mayuka

Originally Posted by There0
pass in log quick on { $EXT, $INT } inet proto tcp from ip.addr.allowed to { $EXT } port $TCP_SVCS flags S/SA modulate state (max-src-conn 10, max-src-conn-rate 3/10, overload <bruteforce> flush global)
I have a similar rule in my pf.conf for port 80. Since ssh listens on a port other than 22 (for safety reasons), I simply want to make a similar rule, but with block instead of pass, so that everyone who tries to connect to port 22 is automatically put in the attackers table.