On Wed, Feb 22, 2006 at 04:48:19PM -0500, Daniel Ouellet wrote:
> Ray Lai wrote:
> >I thought you meant you could do something like:
> >
> >   block in log-table <zombie> to port 25
> >
> >where <zombie> is updated automatically.
>
> If you read on the PF and look at what I sent you, you will see that
> <bad-ssh> IS updated automatically.
>
> That's what the line:
>
> (max-src-conn-rate 5/30, overload <bad_ssh> flush global)
>
> does. After 5 connections in 30 seconds, the IP address is put
> automatically into the table <bad_ssh> and flush global removes any state
> in the PF table.
>
> Just adjust the max-src-conn-rate 5/30 for what you want.
>
> Hope this makes it more clear.

Ah, neat.

-Ray-
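
The state option quoted in the thread, placed in a minimal pf.conf fragment so the table, the block rule and the pass rule can be seen together. This is an added example, not a rule set posted by either participant; the interface name, the port and the rule order are assumptions, while the table name and the 5/30 threshold come from the thread.

```conf
# Added example, not from the thread. Assumed: interface em0, SSH on port 22.
ext_if = "em0"

# Table that the overload action fills. "persist" keeps the table in
# memory even while no rule has put an address into it yet.
table <bad_ssh> persist

# Drop all traffic from addresses already in the table. "quick" ends rule
# evaluation here, so these sources never reach the pass rule below.
block in quick from <bad_ssh>

# Allow SSH and track the connection rate per source address.
# max-src-conn-rate counts only TCP connections that completed the 3-way
# handshake, so a spoofed source address cannot push a third party into
# the table. A source exceeding 5 connections in 30 seconds is added to
# <bad_ssh>; "flush global" then kills every state from that source,
# including states created by other rules.
pass in on $ext_if proto tcp to port 22 flags S/SA keep state \
    (max-src-conn-rate 5/30, overload <bad_ssh> flush global)
```

Addresses stay in the table until something removes them: `pfctl -t bad_ssh -T show` lists the current entries, and on releases that support it `pfctl -t bad_ssh -T expire 86400` deletes entries older than one day.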