So far, I've just added the offending hosts to a table in
/etc/pf.conf and denied them access to all ports, something like:
#####
table <badssh> { \
24.222.2.26, 24.232.121.93, 24.48.67.72, 61.206.117.59, \
61.63.10.210, 61.71.120.170, 62.112.223.131, 64.251.27.173, \
64.58.235.163, 64.71.150.51, 66.120.42.38, 66.146.155.143, \
# several rows trimmed for brevity
221.232.160.115, 221.6.69.10 \
}
# snip a few other pf rules
# drop all inbound traffic from any address in the table, on the external interface
block in quick on $ext_if from <badssh>
#####
This has been very effective. I rarely need to add an additional
host to the deny table. Something similar would doubtless work in
iptables, too, if that's your preference.
DenyHosts looks like an interesting alternative, though. I think
I'll try it out :)
/*
PLUG: http://plug.org, #utah on irc.freenode.net
*/
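A way to populate that table from sshd logs rather than by hand, as an added example that is not the poster's own code: it counts "Failed password" lines per source address and prints the pfctl commands that would add repeat offenders to the <badssh> table. The log lines are constructed, the table name is the one from the post, and the threshold value is an assumption.

```sh
#!/bin/sh
# Added example: derive <badssh> table entries from sshd log lines.
# Assumptions: OpenSSH-style "Failed password ... from ADDR" lines and a
# pf table named badssh (as in the post); the threshold is a constructed choice.

# Constructed sample log lines (not real data).
SAMPLE_LOG='Jan 10 03:12:01 gw sshd[1234]: Failed password for root from 192.0.2.10 port 41234 ssh2
Jan 10 03:12:03 gw sshd[1234]: Failed password for root from 192.0.2.10 port 41235 ssh2
Jan 10 03:12:05 gw sshd[1236]: Failed password for invalid user admin from 192.0.2.10 port 41236 ssh2
Jan 10 03:13:10 gw sshd[1240]: Failed password for invalid user test from 203.0.113.5 port 50010 ssh2
Jan 10 03:13:12 gw sshd[1240]: Failed password for invalid user test from 203.0.113.5 port 50011 ssh2
Jan 10 03:14:00 gw sshd[1250]: Failed password for bob from 198.51.100.7 port 60001 ssh2
Jan 10 03:14:30 gw sshd[1251]: Accepted publickey for alice from 198.51.100.9 port 60002 ssh2'

# offenders THRESHOLD < logfile
# Prints one source address per line that has at least THRESHOLD
# failed-password attempts, sorted so output is stable.
offenders() {
  awk -v thr="$1" '
    /sshd\[[0-9]+\]: Failed password for / {
      # the source address is the field after the word "from"
      for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
    }
    END { for (ip in n) if (n[ip] >= thr) print ip }
  ' | sort
}

# pf_commands THRESHOLD < logfile
# Emits the pfctl invocations that would add each offender to the table
# (printed, not executed, so the output can be reviewed first).
pf_commands() {
  offenders "$1" | while read -r ip; do
    printf 'pfctl -t badssh -T add %s\n' "$ip"
  done
}

printf '%s\n' "$SAMPLE_LOG" | pf_commands 3
```

Running it against a real log means replacing the sample with the sshd log file on stdin (on OpenBSD, /var/log/authlog) and piping the result to sh once the list looks right.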