Note that PF cannot discriminate between legitimate and abusive multiple connections from the same CIDR. If you whitelist the CIDR of a mobile network to avoid banning yourself on port 993, you also whitelist brute-force attacks from the same CIDR.

Sent from ProtonMail Mobile

On Sun, Oct 29, 2017 at 5:26 AM, Tom Rosso <t...@oioioioo.org> wrote:
> On 2017-10-28 21:20, x9p wrote:
> > Hi,
> >
> > Coming from the Linux world, I wonder if there is a better alternative
> > to fail2ban, already being used in OpenBSD servers by the majority.
> >
> > cheers.
> >
> > x9p
>
> The pf firewall provides the capability to block brute force attacks. See max-src-conn-rate.
> https://www.openbsd.org/faq/pf/filter.html#stateopts
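
The trade-off discussed in this thread, as an added pf.conf sketch that is not from either poster: the table names, the 198.51.100.0/24 range (a documentation prefix standing in for a mobile carrier's CIDR) and all numeric limits are assumptions chosen for illustration.

```conf
# Constructed example. <bruteforce> collects offenders, <trusted> holds the
# range you do not want to ban (e.g. your mobile carrier's CIDR).
table <bruteforce> persist
table <trusted> persist { 198.51.100.0/24 }

# Drop anything already caught by the overload rule below.
block in quick from <bruteforce>

# Weak variant (commented out): a plain whitelist. Every host in the CIDR,
# including an attacker sharing it, gets unlimited attempts on port 993.
# pass in quick on egress proto tcp from <trusted> to port 993

# Tighter variant: the trusted range is still rate-limited per source
# address, but has no "overload", so excess connections are refused
# without adding the address to <bruteforce>. You cannot ban yourself,
# and an attacker in the same CIDR is throttled instead of unrestricted.
pass in quick on egress proto tcp from <trusted> to port 993 \
    keep state (max-src-conn 30, max-src-conn-rate 20/60)

# Everyone else: stricter limits, and offenders are moved to <bruteforce>
# with their existing states flushed.
pass in on egress proto tcp to port 993 \
    keep state (max-src-conn 10, max-src-conn-rate 5/60, \
    overload <bruteforce> flush global)
```

Entries in `<bruteforce>` do not age out on their own; `pfctl -t bruteforce -T expire 86400` run periodically removes addresses older than a day. PF still only counts connections, so failed logins from the trusted range have to be caught in the IMAP server's own authentication logs.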