ALTQ - Overloading To a Tiny Queue

A variation on Turning Away The Brutes:

pass log quick on $ext_if proto tcp to port ssh \
      queue (ssh_bulk, ssh_interactive)

becomes

pass log quick on $ext_if proto tcp to port ssh \
keep state (max-src-conn 15, max-src-conn-rate 5/3, \
     overload <bruteforce> flush global) \
     queue (ssh_bulk, ssh_interactive)

where

queue smallpipe bandwidth 1kb cbq

and

     pass inet proto tcp from <bruteforce> to port $tcp_services \
         queue smallpipe