I'm not sure if I am understanding the configuration correctly.
I was under the impression that 3 connections within 6 seconds would ban the user. However, it takes much more before the ban kicks in ...
Why does it take 6 attempts in 7 seconds before the rate limit triggers?
Code:
pass in log on $EXT_IF inet proto tcp from any to $SERVER port $SSH \
    flags S/SA keep state \
    (max-src-conn-rate 3/6, overload <blacklist> flush global)
Code:
Oct 13 11:54:37 localhost postfix/smtpd[44936]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:40 localhost postfix/smtpd[44936]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:42 localhost postfix/smtpd[44931]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:44 localhost postfix/smtpd[44936]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:45 localhost postfix/smtpd[44931]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:47 localhost postfix/smtpd[44936]: connect from telnet-online.net[176.9.8.180]
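Added example, not part of the original post and not pf's own code: a Python model that runs the connect times from the log above through a strict sliding window and through a linearly decaying fixed-point counter. The decaying counter is an assumption about how pf evaluates `max-src-conn-rate`; the function names and the `MULT` scale are hypothetical choices for this example.

```python
import re

MULT = 1000  # fixed-point scale; assumed to mirror pf's PF_THRESHOLD_MULT

# The six connect lines from the post, copied verbatim.
LOG = """\
Oct 13 11:54:37 localhost postfix/smtpd[44936]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:40 localhost postfix/smtpd[44936]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:42 localhost postfix/smtpd[44931]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:44 localhost postfix/smtpd[44936]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:45 localhost postfix/smtpd[44931]: connect from telnet-online.net[176.9.8.180]
Oct 13 11:54:47 localhost postfix/smtpd[44936]: connect from telnet-online.net[176.9.8.180]
"""

def connect_times(log):
    """Seconds since midnight for each 'connect from' line."""
    out = []
    for line in log.splitlines():
        m = re.match(r"\w{3} +\d+ (\d\d):(\d\d):(\d\d) .*: connect from ", line)
        if m:
            h, mi, s = map(int, m.groups())
            out.append(h * 3600 + mi * 60 + s)
    return out

def decaying_counter(times, limit, seconds):
    """Assumed pf model. Returns (index of first overload or None, trace)."""
    count, last, trace, hit = 0, times[0], [], None
    for i, t in enumerate(times):
        diff = t - last
        if diff >= seconds:
            count = 0                          # idle long enough: reset
        else:
            count -= count * diff // seconds   # linear decay, integer math
        count += MULT                          # one more connection
        last = t
        trace.append(count)
        if hit is None and count > limit * MULT:
            hit = i
    return hit, trace

def sliding_window(times, limit, seconds):
    """Strict reading: index where more than `limit` fall inside `seconds`."""
    for i, t in enumerate(times):
        if sum(1 for x in times[: i + 1] if t - x < seconds) > limit:
            return i
    return None

if __name__ == "__main__":
    ts = connect_times(LOG)
    print("window:", sliding_window(ts, 3, 6), "decay:", decaying_counter(ts, 3, 6))
```

On these timestamps the strict window is exceeded at the fifth connection, while the modelled decaying counter peaks at 2964 against a threshold of 3000 and never overloads.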