Sha'ul wrote:

  I tried writing my rules to allow only 1 SSH login at a time, and to
  lock out everyone else until the current person has closed their
  SSH session, and then it is open for someone else to SSH in if
  need be.

  My problem seems to be that it only allows 1 SSH login and that's it;
  have to reboot if someone else wants in or for the first person to ssh in
  again. Can you please correct what is wrong with my rules?

  block in all
  set require-order no
  set skip on lo
  scrub in all
  scrub out all

  ext_if = "dc0"
  int_if = "lo0"

  antispoof quick for $ext_if
  antispoof quick for lo

  table <bruteforce> persist

  block quick from <bruteforce>

  pass quick proto tcp from any to any port ssh \
  keep state (max-src-conn 1, max-src-conn-rate 2/300, \
  overload <bruteforce> flush global)

  #block in quick from urpf-failed to any # use with care

  # By default, do not permit remote connections to X11
  block in on ! lo0 proto tcp from any to any port 6000

Well the first issue that I see is that if someone happens to attack your
server you would be very easily DoS'd.
Unless this server is on a private network that is... Even then if
someone leaves the session open by accident...

I believe you need to take out the overload and the src-conn rules and
just use a "max" rule only. I believe that will do what you want.

Lawrence
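An added pf.conf sketch, not taken from Sha'ul's message or Lawrence's reply, putting the two approaches side by side; the interface name comes from the quoted rules, and the timeout value is an assumption:

```pf
# Added example, not the ruleset from the thread. ext_if is taken from
# the quoted rules; the tcp.established value below is an assumption.
ext_if = "dc0"

set skip on lo
# A closed session's state expires quickly (tcp.closed, 90 s by default),
# but an abandoned session's state lives until tcp.established expires
# (24 h by default). Shorten it so a forgotten session does not hold the
# single slot all day.
set timeout tcp.established 3600

block in all

# Approach from the quoted rules: per-source limits plus an overload table.
# If either max-src-conn or max-src-conn-rate is exceeded, pf adds the
# source address to <bruteforce>, and "block quick" then drops that address
# until the entry is removed (pfctl -t bruteforce -T delete <addr>). An
# address that is stuck in the table stays locked out even after its
# session has closed, which is one way this rule produces a lock-out.
#table <bruteforce> persist
#block quick from <bruteforce>
#pass in on $ext_if proto tcp from any to any port ssh \
#    keep state (max-src-conn 1, max-src-conn-rate 2/300, \
#    overload <bruteforce> flush global)

# Lawrence's suggestion: cap the rule at one state entry in total. A second
# SSH connection is refused while the first state exists and is accepted
# again once that state is gone. No table entry is created, so nothing has
# to be cleared by hand and no source can be permanently locked out.
pass in on $ext_if proto tcp from any to any port ssh keep state (max 1)
```

Note the trade-off Lawrence raises still applies in a milder form: with `max 1` anyone holding the single state, whether a legitimate user who forgot to log out or an attacker who completes the handshake, blocks everyone else until that state expires, so the timeout is what bounds the outage.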
