block quick proto tcp from <brute> to any port 22
pass quick proto tcp from any to any port 22 keep state \
(max-src-conn-rate 20/60, overload <brute> flush global)
danger@ said: even better would be to use ssh-keys rather than passwords;
other ideas are still applicable though.
mfaridi said: I do not want to use a firewall like PF and IPFW,
can I find the best way to block SSH?
SaveTheRbtz said: # cat pf.conf
works fine for me.
Code:
block quick proto tcp from <brute> to any port 22
pass quick proto tcp from any to any port 22 keep state \
(max-src-conn-rate 20/60, overload <brute> flush global)
I had some troubles rewriting management shell scripts using non-standard ssh ports.
block quick proto tcp from <spammers> to any port 25
pass quick proto tcp from <grey_clients> to any port 25 keep state \
(max-src-conn-rate 15/60, overload <spammers> flush global)