I wonder if anyone can confirm if PFSense can offer the following
Wan Public IP
Lan Public IP Subnet /24
Lan servers get IP4 static public IP directly on the device.
if anyone externally tries to login to a server hosted on the lan interface with incorrect username / passwords for a set amount of times then put the offenders IP in a black list and block all future requests for that IP Address?
pfSense cannot know if the username and password used at login on the server are correct or not.
However, you may generate a blacklist of dirty IPs on the server and use this in a firewalls rule for blocking traffic.
just put the servers in the DMZ and forward the services you need from the public IP to the server one.
The authentication should be provided by the server.