I noticed the new "match" keyword in pf. Will it help with this problem.
I constantly have bad guys sweeping though all the addresses in my class C network, trying things like ssh. I would like to notice these bad guys and block them. The obvious method of add them to a queue and Using "overload" to block the source IP can not be used (with the current 4.5 version of pf since you cannot add a packet to a queue that is blocked.