On Fri, Feb 16, 2007 at 04:50:10AM +0000, John wrote:
> This is every couple of seconds as you can see. What I'd like is to
> allow max 2 failures from one IP in 30 seconds, if more than that write
> to /etc/shitlist.txt which, if the connecting IP is found in there, logs
> and silently drops the connection. Can pf do this?

Don't forget to set MaxAuthTries to something small in sshd_config, otherwise they can attempt unlimited username/password guesses on the same TCP connection. I spent hours trying to figure out what was wrong with my firewall once because I was not aware of that.

-- 
Good code works. Great code can't fail. -><-
<URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email [EMAIL PROTECTED]
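Added example, not part of the original message: a firewall rule that limits connections per source never sees how many passwords are tried inside each connection, so this sketch counts failed guesses per TCP connection from sshd log lines and flags connections that exceed the MaxAuthTries value you intend to enforce. The log lines are constructed samples, and the assumed format is OpenSSH's usual "Failed password for ... from IP port N" syslog message; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample sshd syslog lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Feb 16 04:49:01 host sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Feb 16 04:49:02 host sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Feb 16 04:49:03 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Feb 16 04:49:09 host sshd[4105]: Failed password for root from 192.0.2.10 port 40127 ssh2
Feb 16 04:49:10 host sshd[4105]: Failed password for invalid user test from 192.0.2.10 port 40127 ssh2
Feb 16 04:49:20 host sshd[4110]: Failed password for bob from 198.51.100.7 port 51800 ssh2
"""

# Assumed message format: one sshd child process (pid) per TCP connection.
FAILED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def guesses_per_connection(log_text):
    """Map (ip, source port, sshd pid) -> failed password count."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[(m["ip"], int(m["port"]), int(m["pid"]))] += 1
    return dict(counts)


def summarize(log_text, max_auth_tries):
    """Per source IP: connections (what the firewall counts), total guesses
    (what sshd sees), and connections that exceeded max_auth_tries."""
    per_ip = defaultdict(lambda: {"connections": 0, "guesses": 0, "over_limit": 0})
    for (ip, _port, _pid), n in guesses_per_connection(log_text).items():
        stats = per_ip[ip]
        stats["connections"] += 1
        stats["guesses"] += n
        if n > max_auth_tries:
            stats["over_limit"] += 1
    return {ip: dict(stats) for ip, stats in per_ip.items()}


if __name__ == "__main__":
    for ip, stats in sorted(summarize(SAMPLE_LOG, max_auth_tries=2).items()):
        print(ip, stats)
```

In the sample, 192.0.2.10 stays within two connections while making five guesses, which is the gap a small MaxAuthTries closes.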
