Like suggested above, man 5 pf.conf, and check out the stateful filtering section, and the max-src-conn + max-src-conn-rate variables in particular. There is a self-explanatory example there in the manual. Its awesome for when you need to run sshd (or any tcp-service really) on a "heavily targeted" ip. The brute-force spam crap in your logs will pretty much go away completly.
|