ignat...@cs.uni-bonn.de writes: >Hello,
>is there a minimal example how to configure bl*cklistd and npf to
>block attacks on sshd?
/etc/bl*cklistd.conf:
# Bl*cklist rule
# adr/mask:port type proto owner name nfail disable
[local]
ssh stream tcp * * 5 3h
ssh stream tcp6 * * 5 3h
/etc/npf.conf:
$primary_if = "wm0"
group "external" on $primary_if {
ruleset "bl*cklistd"
}
# bl*cklistctl dump -a | wc
13 53 609
