• [Removed]

  • No way to tell what that is at the network level. What some people do is use some centralized monitoring system to collect attacking IPs, then have the firewall pull those in via a URL table alias or using pfblocker.

  • Create a firewall rule and used advanced features / advanced options to rate limit new connections.
    I use: 3/60 (max 3 new connections per 60 seconds)

  • LAYER 8 Global Moderator

    If what your after is less noise in the logs, changing the port might help… Keep in mind security through obscurity is not security!

    Why would you allow password auth in the first place?  Just use public key, turn off password..  Use failtoban or whatever on the ssh box if you don't want them filling up your logs.. How about just using vpn access into your network before you ssh to what is behind pfsense.

    Lock down the ssh to your netblock if your using it for admin from known networks... Install pfblocker package and block all the bad countries from getting to the ssh at pfsense.

    Combinations of the above..

Log in to reply