On 2019-01-09, Aaron Mason <simplersolut...@gmail.com> wrote:
> Hi Jordan
>
> I've set it up to try it, but I'm not having much luck. Even when I
> trigger more than one, it still doesn't populate the bad_hosts table,
> even again when I extend the rate period to 86400 seconds. I've added
> logging so I know the rule is triggering. See below.

max-src-conn-rate is only triggered when a TCP connection is established; you need to have something listening (and it will only trigger on the *second* connection).