Thanks for the reply schrodinger,
Both those suggestions will work but, I'm exploring solutions aren't "after" the fact. The other problem is the IPs responsible for these attempts are non/hosting main stream ISPs infected by botnots (I block/drop in quick most hosting data centers). The rules to detect this type of garbage aren't a problem but, I want the detection to be at the firewall or, as close as possible to the firewall and so far it seems like a proxy between pf and anything else is what I may have to use.
|