Traditional Anti-Bruteforce Rules

Rapid-fire bruteforce attacs are easy to head off, first OpenBSD PF style, with state tracking options to set limits:


table <bruteforce> persist
block quick from <bruteforce>
pass inet proto tcp to $int_if:network port $tcp_services \
        keep state (max-src-conn 100, max-src-conn-rate 15/5, \
         overload <bruteforce> flush global)

max-src-conn: # of connections from one host

max-src-conn-rate: rate of new connections: 15 connections per 5 seconds.

overload <bruteforce>: offenders go to the blocked table

flush global : kill all connections

Basically, problem solved - the noise generally disappears instantly. If you like, tweak rules to local tastes and needs.