Block after X attempts for X minutes
-
I've got a few firewall rules right before my default deny rule. These rules log common ports that are scanned, just so I can see who's scanning SSH and a few others.
Is there a better way to handle this? The traffic is already blocked but perhaps a way to block access to anything\everything for a period of time for their bad behavior?
I see a "Max. src. conn. Rate" and "Max. src. conn. Rates" setting in advance, but I'm unclear if these could be used and I haven't seen a good example. Is this what I'm looking for?
Any help is greatly appreciated.