On Thu, 6 Jul 2006 10:46:43 -0500
Mike Piety <[EMAIL PROTECTED]> wrote:
> On Thu, 6 Jul 2006 11:15:24 -0400
> "Peter Blair" <[EMAIL PROTECTED]> wrote:
>
> > Something like:
> >
> > pass in quick on $ext_if from { $friendly_networks } to any port ssh keep state
> > block in on $ext_if from any to any port ssh
> >
> > should work. You can place "$friendly_networks" into a table that
> > gets loaded from a file if the list is large. And/or update it via
> > pfctl on the fly.
> >
> > On 7/6/06, Bharj, Gagan <[EMAIL PROTECTED]> wrote:
> > > Hello Folks,
> > >
> > > Our server is getting hammered on a daily basis by IPs trying to
> > > open an ssh session. Currently, I'm manually putting the subnets
> > > (in a pf table) that are repeatedly trying to get in. As you can
> > > see, this list will eventually get very big and will be
> > > unmaintainable. Is there any way that I can say only allow IP
> > > addresses from particular ISPs or domains?
> > >
> > > Regards,
> > > Gagan
> >
> >
> Using max-src-conn and max-src-conn-rate to load a block table in pf
> works very nicely for me. There is an example in man 5 pf.conf.q
oops ^^
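Added example, not written by anyone on this thread: a pf.conf fragment that combines the two suggestions above, a file-backed allow table for known-good networks and the max-src-conn / max-src-conn-rate overload mechanism from pf.conf(5) for everyone else. The interface name, the file path and the table names are assumptions.

```pf
# Added example (not from the thread). Interface, file path and
# table names are assumptions; adjust to the local setup.
ext_if = "em0"

# Hand-maintained friendly networks, one address or CIDR per line,
# kept in a file so the list can grow without editing pf.conf.
table <friendly> persist file "/etc/pf/friendly_networks"

# Filled automatically by the overload rule below; "persist" keeps the
# table defined even when it is empty after a ruleset reload.
table <bruteforce> persist

# Sources already caught by the overload rule are dropped early.
block in quick on $ext_if from <bruteforce>

# Friendly networks may open ssh without limits.
pass in quick on $ext_if proto tcp from <friendly> to ($ext_if) port ssh \
    flags S/SA keep state

# Everyone else: at most 5 simultaneous connections and no more than
# 3 new connections in any 30 second window. Exceeding either limit
# adds the source address to <bruteforce> and flushes its existing
# states (flush global: all states from that source, not only ssh).
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 3/30, \
     overload <bruteforce> flush global)
```

The friendly table can be edited live with pfctl -t friendly -T add/delete, and a cron entry running pfctl -t bruteforce -T expire 86400 drops offenders that have been quiet for a day so the block table does not grow without bound.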