John <[EMAIL PROTECTED]> writes: > This is every couple of seconds as you can see. What i'd like is to > allow max 2 failures from one IP in 30 seconds, if more than that write > to /etc/shitlist.txt which, if the connecting IP is found in there, logs > and silently drops the connection. Can pf do this?
The details differ slightly, but you can get something functionally equivalent using overload rules and a table you block. I have some musings on this in the tutorial[1], it does not cover all possible wrinkles but should be enough to get you started. [1] http://home.nuug.no/~peter/pf/en/bruteforce.html, choice of formats from http://home.nuug.no/~peter/pf/ -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
