just a minor variation (in B dur) on what the others had said:

relevant parts of /etc/pf.conf:

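# more than 3 new connections within 30 seconds from one source:
# put the source into <bad_ssh> and kill all of its existing states
SSH_LIMIT="(max-src-conn-rate 3/30, overload <bad_ssh> flush global)"

table <bad_ssh> persist

# quick: tcp from anything in the table gets a RST, no later rule can pass it
block return-rst log quick proto tcp from <bad_ssh> label "ssh-pirate"
# default deny inbound
block in
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
        flags S/SA keep state $SSH_LIMIT label "ssh"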

kripel> cat /etc/daily.local
#!/bin/sh

echo "flushing bad_ssh: "
pfctl -t bad_ssh -T show
pfctl -t bad_ssh -T flush



yes, i know, i am forgiving, i flush the table every day..
but you get the idea.  you can play with this as much as you like.
even make statistics, draw graphs, etc ;-) corporate drones like that ;-)
show them how much they need openbsd

-f
-- 
drinking kills brain cells, but just the weak ones...
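
Added example, not part of the original mail: one way to get the statistics mentioned above out of the daily.local output before the table is flushed. It assumes the daily "pfctl -t bad_ssh -T show" output was appended to a log (one address per line, as pfctl prints it); the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Because the table is flushed every day, an address that shows up in
# N daily dumps was overloaded into <bad_ssh> on N separate days.

# summarize_bad_ssh: read concatenated table dumps on stdin and print
# "<days> <address>" per address, most frequent first.
summarize_bad_ssh() {
    # keep only lines that are a single IPv4/IPv6 address; this skips
    # the "flushing bad_ssh: " header that daily.local echoes
    awk 'NF == 1 && $1 ~ /^[0-9A-Fa-f:.]+$/ && $1 ~ /[.:]/ { seen[$1]++ }
         END { for (a in seen) print seen[a], a }' |
    sort -k1,1nr -k2,2
}

# repeat_offenders MIN: addresses that were caught on at least MIN days
repeat_offenders() {
    summarize_bad_ssh | awk -v min="$1" '$1 >= min { print $2 }'
}

# sample_log: constructed three-day log (documentation address ranges)
sample_log() {
    cat <<'EOF'
flushing bad_ssh: 
   192.0.2.10
   198.51.100.7
flushing bad_ssh: 
   192.0.2.10
   203.0.113.99
flushing bad_ssh: 
   192.0.2.10
   198.51.100.7
EOF
}

# real use (the log path is an assumption, pick your own):
#   summarize_bad_ssh < /var/log/bad_ssh.log
sample_log | summarize_bad_ssh
```

The output of repeat_offenders is one address per line, so it can be reviewed by hand or loaded into a separate table that is not flushed daily.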
