# Table to keep track of the IPs of SSH brute forcers:
table <bruteforce> persist
# Make sure they are unable to connect to the system once they are in the table:
block quick from <bruteforce>
# The rule that adds a source to the table:
# a source that holds more than 5 simultaneous connections to the SSH port,
# or opens more than 5 connections within 30 seconds, is added to the table
# and all of its existing states are flushed:
pass inet proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)
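
The same ruleset with two operational safeguards, as an added example that is not part of the original paste: an allowlist so known admin sources cannot lock themselves out, and a note on expiring old table entries. The table name <ssh_admins> and its addresses (documentation ranges) are placeholders chosen for this example.

```conf
# Added example, not from the original paste.
# <ssh_admins> and the addresses in it are placeholders; use your own.
table <ssh_admins> const { 192.0.2.10, 198.51.100.0/28 }
table <bruteforce> persist

# Known admin sources are matched first. 'quick' stops rule evaluation here,
# so they never reach the block rule or the connection limits below.
pass in quick inet proto tcp from <ssh_admins> to any port ssh \
    flags S/SA keep state

# Everything already in the table is dropped.
block drop in quick from <bruteforce>

# All other sources: exceeding either limit adds the source to <bruteforce>
# and flushes its existing states.
pass in inet proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)

# Entries are never removed by pf itself. To drop entries older than a day,
# run this periodically (for example from root's crontab):
#   pfctl -t bruteforce -T expire 86400
# To inspect the current entries:
#   pfctl -t bruteforce -T show
```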