On Thu, Jul 10, 2008 at 12:08:26PM -0700, Jeff Simmons wrote: > While it's probably not an option for most people, the pf firewall in OpenBSD > (and ported to FreeBSD) has settings that basically say after X login > attempts over some time period Y for a given IP address, block further > attempts for time period Z. It's highly configurable. That's not built into PF itself. What PF can do, though, is create a "table". Rules can be constructed so that every IP address in the table is blocked (or allowed, etc.). And then IP addresses can be added to the table on the fly, either by something that parses sshd logs, or by a hook inserted into sshd itself.
