On Feb 10, 2011, at 2:52 AM, Daniel Hartmeier wrote:
>
>> Feb 8 11:27:57 castor sshd[57332]: Invalid user ashley from 113.185.0.16
>
> diff = 3, count -= 8770 * 3 / 60, += 1000, count = 9332, last = 57
>
> Now count is larger than your limit 9000, and the threshold is
> triggered, after 15 connections (the 16th is probably due to syslog
> not showing the precise timestamps).
Except it didn't :(
I just gave a simple of one minute interval.
I didn't want to post all entries to the list:
# bzgrep 113.185.0.16 /var/log/auth.log.0.bz2 | wc -l
939
Vadym
>
> You can re-calculate the steps with 30 <seconds> (instead of 60),
> and see how it triggers...
>
> Daniel
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
