Hi,

On 05.03.10 17:01, Matthew Seaman wrote:
> table <ssh-bruteforce> persist
> [...near the top of the rules section...]
> block drop in log quick on $ext_if from <ssh-bruteforce>
>
> [...later in the rules section...]
> pass in on $ext_if proto tcp      \
>       from any to $ext_if port ssh \
>       flags S/SA keep state        \
>       (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)

That is dangerous: if you use Subversion over SSH, you will sometimes get more than 10 requests in 30 seconds.
That means you will also block users who are allowed to connect.

Regards,
Matthias

--
"Programming today is a race between software engineers striving to build bigger and 
better idiot-proof programs, and the universe trying to produce bigger and better idiots. 
So far, the universe is winning." -- Rich Cook

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
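
One way to keep the quoted rate limit without locking out known Subversion-over-SSH users, as an added pf.conf example that is not part of the original mails. The table name <ssh-trusted>, the interface name em0 and the addresses (documentation ranges) are assumptions made for illustration.

```pf
# Added example; <ssh-trusted>, em0 and the addresses are assumed values.
ext_if = "em0"

table <ssh-bruteforce> persist
# Constructed sample entries: sources known to run svn+ssh in bursts.
table <ssh-trusted> persist { 192.0.2.10, 198.51.100.0/24 }

# Sources that tripped the rate limit are dropped before any pass rule.
block drop in log quick on $ext_if from <ssh-bruteforce>

# Trusted sources: no max-src-conn-rate, so many short-lived SSH
# connections in a row never trigger the overload action. "quick"
# makes this rule final, so the rate-limited rule below is not
# evaluated for these sources.
pass in quick on $ext_if proto tcp       \
      from <ssh-trusted> to $ext_if port ssh \
      flags S/SA keep state

# Everyone else: the rate limit from the quoted rule, unchanged.
pass in on $ext_if proto tcp             \
      from any to $ext_if port ssh       \
      flags S/SA keep state              \
      (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)

# Entries in <ssh-bruteforce> otherwise stay until removed by hand.
# To age them out, run periodically (for example from cron):
#   pfctl -t ssh-bruteforce -T expire 86400
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and list currently blocked sources with `pfctl -t ssh-bruteforce -T show`.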
