>> Dear Matthew,
>> Grateful for sending me in the right direction; the solution really sounds good.
>> Does this look like a good configuration for "/etc/pf.conf"?
>> # START
>> table bruteforce persist
> Watch the syntax -- it's table <bruteforce> persist with angle brackets.
>> block in log quick from bruteforce
>> pass in on $ext_if proto tcp \
>> from any to $ext_if port $trusted_tcp_ports \
>> flags S/SA keep state \
>> (max-src-conn-rate 3/300, overload bruteforce flush global)
> Again -- you need angle brackets around the table name.
>> # END
>> AND CRON:
>> */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null
>> What is the function of "expire 604800"? Are they entries in the table?
>> Should it be -t bruteforce or -t ssh-bruteforce?
> Ooops. Yes, -t bruteforce is correct. "expire 604800" means delete
> entries after they've been in the table for that number of seconds (i.e.
> after one week).
> Dr Matthew J Seaman MA, D.Phil.
> 7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
> PGP: http://www.infracaninophile.co.uk/pgpkey
> JID: matthew@infr...
I am very grateful for your assistance and advice on configuring PF
correctly. Well done!
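For reference, here is a complete /etc/pf.conf that applies both corrections from the thread (angle brackets around the table name in every reference, and the same table name in the pfctl expiry command). This is an added illustration, not the configuration posted in the thread; the macro values for $ext_if and $trusted_tcp_ports are assumptions, since the original fragment never defines them.

```pf
# Added example, not from the thread. Interface and port list are assumed values.
ext_if = "em0"                       # assumption: external interface name
trusted_tcp_ports = "{ 22, 443 }"    # assumption: services exposed to the Internet

# The table name must be written in angle brackets wherever it is referenced.
table <bruteforce> persist

# Drop (and log) anything from an address that was overloaded into the table.
block in log quick from <bruteforce>

# Allow new TCP connections to the trusted ports, but if one source opens more
# than 3 connections in 300 seconds, add it to <bruteforce> and tear down all
# of its existing states ("flush global").
pass in on $ext_if proto tcp \
    from any to $ext_if port $trusted_tcp_ports \
    flags S/SA keep state \
    (max-src-conn-rate 3/300, overload <bruteforce> flush global)

# Maintenance commands (run from a shell, not part of pf.conf); note that
# pfctl -t takes the bare table name, without angle brackets:
#   */12 * * * * /sbin/pfctl -t bruteforce -T expire 604800 >/dev/null
#       cron entry: remove addresses that have been in the table for
#       more than 604800 seconds (7 days)
#   pfctl -nf /etc/pf.conf          parse the file without loading it
#   pfctl -t bruteforce -T show     list the addresses currently blocked
```

Checking the file with `pfctl -nf /etc/pf.conf` before loading it catches the missing-angle-bracket mistake at parse time, and `pfctl -t bruteforce -T show` confirms that the overload rule and the cron expiry are operating on the same table.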