On Thu, 6 Jul 2006 11:15:24 -0400 "Peter Blair" <[EMAIL PROTECTED]> wrote:
> Something like:
>
> pass in quick on $ext_if proto tcp from { $friendly_networks } to any port ssh keep state
> block in on $ext_if proto tcp from any to any port ssh
>
> should work. You can place "$friendly_networks" into a table that
> gets loaded from a file if the list is large. And/or update it via
> pfctl on the fly.
>
> On 7/6/06, Bharj, Gagan <[EMAIL PROTECTED]> wrote:
> > Hello Folks,
> >
> > Our server is getting hammered on a daily basis by IPs trying to
> > open an ssh session. Currently, I'm manually putting the subnets
> > (in a pf table) that are repeatedly trying to get in. As you can
> > see, this list will eventually get very big and will be
> > unmaintainable. Is there any way that I can say only allow IP
> > addresses from particular ISPs or domains?
> >
> > Regards,
> > Gagan
> >

Using max-src-conn and max-src-conn-rate to load a block table in pf works very nicely for me. There is an example in man 5 pf.conf.
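The two suggestions above fit together: Peter Blair's always-allowed table handles the known-good networks, and the rate-limit/overload mechanism from the last reply builds the block table automatically instead of by hand. The pf.conf fragment below is an added example written for this thread, not something posted in it or taken from the pf manual; the interface name, the table names, the file path and the connection limits are assumptions and should be tuned to the host.

```pf
# Added example, not from the thread. Assumed: em0 is the external
# interface, /etc/pf.friendly lists trusted networks one per line.
ext_if = "em0"

# Networks that may always reach sshd. 'persist' keeps the table across
# rule reloads; 'file' loads it so the list never has to live in pf.conf.
table <friendly> persist file "/etc/pf.friendly"

# Sources that tripped the limits below. Filled by 'overload', so nothing
# has to be added by hand.
table <bruteforce> persist

# Trusted networks are matched first and 'quick' so the rate limit never
# applies to them (a busy office NAT would otherwise lock itself out).
pass in quick on $ext_if proto tcp from <friendly> to any port ssh \
    flags S/SA keep state

# Anything already in the block table is dropped before the ssh rule.
block in quick on $ext_if from <bruteforce> to any

# Everyone else: at most 10 open connections per source and at most
# 5 new connections per 30 seconds per source. Exceeding either limit
# adds the source to <bruteforce>; 'flush global' also tears down every
# existing state from that source, not just the states of this rule.
pass in on $ext_if proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)

# Day-to-day maintenance from the shell (table names as assumed above):
#   pfctl -t bruteforce -T show                # who has been caught
#   pfctl -t bruteforce -T delete 192.0.2.10   # release a false positive
#   pfctl -t friendly   -T add 203.0.113.0/24  # trust a network on the fly
#   pfctl -t bruteforce -T expire 86400        # from cron: drop entries
#                                              # older than one day
```

Two caveats worth keeping in mind. Entries placed in the table by overload never expire on their own, so without the cron'd `-T expire` the table grows exactly the way the hand-maintained one did. And the limits apply per source address, so a trusted network that is not in <friendly> but sits behind a single NAT address can trip the rate limit with normal use; put such networks in the file rather than loosening the limits for everyone.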