From: Francisco Reyes
To: freebsd-ipfw@freebsd.org
Date: Sun, 17 Jul 2005 19:12:22 -0400 (EDT)
Subject: Trying to understand dynamic rules
Message-ID: <20050717190755.Q13035@zoraida.natserv.net>
List-Id: IPFW Technical Discussions

Learning about dynamic rules today. In particular I would like to know if there is a way to filter out connections based on repeated connections...

Basically I keep track of attempts to connect to the SSH port. For any IP that tries to connect using a non-existing user numerous times, I run a script and blackhole the IP.

What I would like is for IPFW to see numerous attempts to connect to SSH from the same IP and automatically create a rule to not allow that IP to connect at all to my machine.

Is this possible?
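
The script-based approach the message describes (count SSH logins for non-existing users per source address, then block repeat offenders), as an added example that is not the poster's script or part of the original message. The log lines are constructed in the style of OpenSSH's "Invalid user" message; the threshold, the ipfw table number and the allowlisted address are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of OpenSSH's "Invalid user" log message.
# The fourth line carries a crafted username that tries to frame 10.0.0.1.
SAMPLE_LOG = """\
Jul 17 19:01:02 host sshd[411]: Invalid user admin from 203.0.113.5
Jul 17 19:01:05 host sshd[413]: Invalid user test from 203.0.113.5
Jul 17 19:01:09 host sshd[415]: Invalid user oracle from 203.0.113.5 port 40122
Jul 17 19:02:11 host sshd[420]: Invalid user x from 10.0.0.1 from 198.51.100.7
Jul 17 19:02:30 host sshd[422]: Accepted publickey for fran from 192.0.2.10 port 50514 ssh2
Jul 17 19:03:00 host sshd[430]: Invalid user guest from 198.51.100.7
"""

# The username is attacker-controlled, so match it greedily and anchor at the
# end of the line: only the last "from <addr>" is the peer address sshd wrote.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?\s*$")

ALLOWLIST = {ipaddress.ip_address("192.0.2.10")}  # assumed admin address, never blocked


def count_invalid_users(log_text):
    """Return a Counter of source address -> number of 'Invalid user' lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))  # drop anything that is not an IP
        except ValueError:
            continue
        hits[addr] += 1
    return hits


def block_commands(log_text, threshold=3, table=1):
    """Return ipfw argv lists for addresses at or over the (assumed) threshold."""
    hits = count_invalid_users(log_text)
    ranked = sorted(hits.items(), key=lambda kv: (kv[0].version, kv[0]))
    return [["ipfw", "table", str(table), "add", str(addr)]
            for addr, n in ranked if n >= threshold and addr not in ALLOWLIST]


if __name__ == "__main__":
    # One-time setup, done by hand: ipfw add 100 deny ip from "table(1)" to any
    for argv in block_commands(SAMPLE_LOG):
        print(" ".join(argv))
```

The commands are returned as argument lists rather than executed, so they can be reviewed or passed to a privileged wrapper without going through a shell.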