>>>>> Some of my pfsense boxes get a lot of SSH bruteforces; is there a
>>>>> package like fail2ban out there which could automatically blacklist
>>>>> IPs after x
>>>> Request: It would be really nice if pfsense could limit the
>>>> connection-rate *per IP*.
>>> IIRC it is possible to set this per source-IP ;-)
>> Maybe I missed an option then?
>> How do you configure it?
> This is configured through the Advanced options in each Filter-Rule.
> If you set 5 connections, see attached picture ;-)

The way I read these options is:

* Simultaneous client connection limit
  The number of simultaneous connections each client can have.
* Maximum new connections / per second
  Global maximum connection limits.

The first option will limit how many concurrent SSH sessions I can run from any one IP. The second option will limit how many connections can be attempted per interval. As far as I know, setting a client connection limit will *not* prevent the connection/time limit from killing you in case somebody starts hammering the server.

Am I not reading these options right? (Some documentation would be nice too *G*)

> Yes, only using SSH-Keys is a very good option, but not useful if you
> are on the way or do not have your keys at hand..... ;-)

Indeed everything is a compromise. Changing the port also has issues since some admins won't allow all ports outbound (of course they might not allow SSH out either).

Regards,
-Jeppe
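The two GUI options discussed in this thread correspond to pf's `max-src-conn` and `max-src-conn-rate` state options, both of which are tracked per source address, and the `overload` clause is what gives the fail2ban-like automatic blacklisting the first poster asked for. The rule below is an added example in plain pf.conf syntax, not a rule taken from the thread or from pfSense itself; the interface macro and the table name are assumptions.

```pf
# Added example in pf.conf syntax; not from the original thread.
# Assumptions: external interface is em0, offenders go into <bruteforce>.
ext_if = "em0"
table <bruteforce> persist

# Drop everything from an address that has already earned a table entry.
block in quick on $ext_if from <bruteforce>

# Allow SSH, but enforce the limits per source address:
#   max-src-conn 5         : at most 5 concurrent connections from one IP
#   max-src-conn-rate 3/30 : at most 3 new connections per 30 seconds from one IP
# An address exceeding either limit is added to <bruteforce>, and
# "flush global" tears down all of its existing states immediately.
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 3/30, overload <bruteforce> flush global)
```

Table entries persist until removed, so a periodic `pfctl -t bruteforce -T expire 86400` (for example from cron) ages out addresses after a day instead of banning them forever.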