On Wednesday 22 February 2006 16:48, Daniel Ouellet wrote:
> If you read on the PF and look at what I send you, you will see that
> <bad-ssh> IS updated automatically.
>
> That's what the line:
>
> (max-src-conn-rate 5/30, overload <bad_ssh> flush global)
>
> does. After 5 connections in 30 seconds, the IP address is put
> automatically into the table <bad_ssh> and flush global removes any
> state in the PF table.
>
> Just adjust the max-src-conn-rate 5/30 for what you want.

But with max-src-conn-rate aren't you actually allowing connections? The 
first thing I want to do is block connections, not allow them. Will use of 
max-src-conn-rate work with a block? With attempted connections that 
never get allowed?

Chris
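
For reference, a minimal pf.conf fragment showing how the quoted overload option is normally paired with a block rule. This is an added example, not part of either poster's message; the `ext_if` macro and the interface name `em0` are assumptions.

```pf
# Assumed macro: external interface (constructed value, adjust to the host).
ext_if = "em0"

# Table filled at run time by the overload option below. "persist" keeps the
# table in existence even when no rule currently references it.
table <bad_ssh> persist

# Drop everything from addresses already in the table. "quick" stops rule
# evaluation here, so the pass rule below is never reached for these sources.
block in quick on $ext_if from <bad_ssh>

# max-src-conn-rate is a state-tracking option, so it is attached to the
# stateful pass rule. The limit counts TCP connections that completed the
# three-way handshake: more than 5 in 30 seconds from one source adds that
# source to <bad_ssh>, and "flush global" kills all of its existing states.
pass in on $ext_if proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 5/30, overload <bad_ssh> flush global)
```

After loading the ruleset, `pfctl -t bad_ssh -T show` lists the addresses currently in the table.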
