Quote:
Originally Posted by denta
I think the point is, you can protect your services from bruteforce attacks with a simple overload <table> statement, which means no need for any additional software, which means less dodgy code running on your machine.
Less is more!  |
Well, this is not bad advice, so I will consider it, because it actually keeps you away from having to deal with sshguard too.
Another update of mine:
Code:
pass out quick proto { tcp udp icmp } modulate state
Well I really don't use any other protocols for outgoing connections. Modulate state is going to be keep state for udp and icmp automatically.