Block after X attempts for X minutes



  • I've got a few firewall rules right before my default deny rule.  These rules log common ports that are scanned just so I can see who's scanning SSH and a few others.

    Is there a better way to handle this?  The traffic is already blocked but perhaps a way to block access to anything\everything for a period of time for their bad behavior?

    I see a "Max. src. conn. Rate" and "Max. src. conn. Rates" setting in advance, but I'm unclear if these could be used and I haven't seen a good example.  Is this what I'm looking for?

    Greatly appreciated for the help