Cup Of Coffee

"zomg! getting ssh bruteforced! halp!"
"Here! Just add these iptables rules..."

# Chain 'blacklist': record the source address in the 'blacklist' recent list, then drop.
iptables -N blacklist 2>/dev/null
iptables -F blacklist
iptables -A blacklist -m recent --name blacklist --set
iptables -A blacklist -j DROP

# Chain 'ssh': rate-limit new connections per source address.
iptables -N ssh 2>/dev/null
iptables -F ssh

# A source seen in 'blacklist' within the last 320 s is dropped; --update refreshes
# its timestamp, so every retry extends the block.
iptables -A ssh -m recent --update --name blacklist --seconds 320 --hitcount 1 -j DROP

# Count this new connection against the source address.
iptables -A ssh -m recent --set --name count1

# Third new connection from one source within 10 s: hand it to 'blacklist'.
iptables -A ssh -m recent --update --name count1 --seconds 10 --hitcount 3 -j blacklist

# Anything else is a normal connection.
iptables -A ssh -j ACCEPT

"Finally, drop it into your INPUT table somewhere:"

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ssh


That sort of stuff makes me cry.
It also makes me happy that I was introduced to pf a few years back.

# The <abusers> table has to exist before the rules reference it; 'persist' keeps it
# even when empty. Overloaded addresses stay until removed, e.g. with
# 'pfctl -t abusers -T expire 320'. $wan is the external-interface macro
# defined elsewhere in pf.conf.
table <abusers> persist

block drop in quick from <abusers> to any

pass in quick on $wan proto tcp to ($wan) port ssh flags S/SA keep state \
        (max-src-conn 2, max-src-conn-rate 3/10, overload <abusers> flush global)
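To see what the iptables chain above actually does to a stream of connection attempts, here is an added Python simulation, not code from the post: it models the xt_recent lists (`--set`, and `--update` with `--seconds`/`--hitcount`) as per-address timestamp lists and runs the `ssh` chain over a constructed sequence of attempts from a brute-forcer and from a legitimate admin. The addresses and timings are made up, and the kernel's per-entry stamp cap and `--reap` are not modeled. It shows the third new connection within 10 s getting blacklisted, the 320 s block sliding forward on every retry, and the same threshold catching a legitimate user who opens three sessions in quick succession, which is the thing to watch for with either the iptables rules or the pf `3/10` rate.

```python
"""Simulation of the iptables 'recent' rate-limit chain from the post.

Models xt_recent semantics (per-address timestamp lists, --set, --update
with --seconds/--hitcount) so the rules' effect can be traced over a
constructed sequence of connection attempts. Added illustration only:
the kernel's stamp-list cap (ip_pkt_list_tot) and --reap are ignored.
"""
from collections import defaultdict

# Parameters copied from the post's rules.
BURST_WINDOW = 10     # --seconds 10 on count1
BURST_HITS = 3        # --hitcount 3 on count1
BLOCK_SECONDS = 320   # --seconds 320 on blacklist


class RecentList:
    """One '-m recent --name X' list: address -> list of hit timestamps."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, addr, now):
        # --set: record a hit unconditionally, creating the entry if needed.
        self.stamps[addr].append(now)

    def update(self, addr, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match when the address has at
        # least N hits within the last S seconds; on a match the current
        # time is appended too, so the window slides forward with each hit.
        if addr not in self.stamps:
            return False
        recent = [t for t in self.stamps[addr] if now - t <= seconds]
        if len(recent) >= hitcount:
            self.stamps[addr].append(now)
            return True
        return False


class SshChain:
    """The 'ssh' and 'blacklist' user chains as a verdict function."""

    def __init__(self):
        self.blacklist = RecentList()
        self.count1 = RecentList()

    def verdict(self, addr, now):
        # Rule 1: blacklisted within the last 320 s -> DROP. Because this is
        # --update, the stamp is refreshed and every retry extends the block.
        if self.blacklist.update(addr, now, BLOCK_SECONDS, 1):
            return "DROP"
        # Rule 2: count this new connection.
        self.count1.set(addr, now)
        # Rule 3: three new connections within 10 s -> jump to 'blacklist',
        # which --set's the blacklist entry and drops the packet.
        if self.count1.update(addr, now, BURST_WINDOW, BURST_HITS):
            self.blacklist.set(addr, now)
            return "DROP"
        # Rule 4: ACCEPT.
        return "ACCEPT"


def run(attempts):
    """Apply the chain to (time, addr) pairs; return (time, addr, verdict) triples."""
    chain = SshChain()
    return [(t, addr, chain.verdict(addr, t)) for t, addr in attempts]


# Constructed sample (documentation addresses): a brute-forcer hammering the
# port, and a legitimate admin who opens three sessions in quick succession.
ATTEMPTS = [
    (0, "198.51.100.7"), (1, "198.51.100.7"), (2, "198.51.100.7"),
    (5, "203.0.113.9"), (6, "203.0.113.9"), (7, "203.0.113.9"),
    (300, "198.51.100.7"),   # still blocked, and the block is refreshed
    (615, "198.51.100.7"),   # 315 s after the refresh: still blocked
    (1000, "198.51.100.7"),  # 385 s after the last hit: block has lapsed
]

if __name__ == "__main__":
    for t, addr, v in run(ATTEMPTS):
        print(f"t={t:4d} {addr:15} {v}")
```

Running it prints a verdict per attempt: the brute-forcer's third packet and everything it sends for 320 s after its last try are dropped, and the admin's third session at t=7 is dropped as well. The pf rule trips at a comparable rate, but an address put into `<abusers>` by `overload` stays there until it is expired by hand, which is worth knowing before the admin locks themselves out.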

Koo koo ka choo!