by hebz0rl 4526 days ago
You can use iptables for that:

  $ sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH

  $ sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
Copied from http://kvz.io/blog/2007/07/28/block-brute-force-attacks-with... but I agree that pf is just much more sane config-wise.
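As an added illustration (not from the comment or the linked blog post), here is a small Python simulation of what those two rules do to a stream of NEW SSH connections: the `--set` rule records one hit per source address, and the `--update --seconds 60 --hitcount 8` rule drops a connection once eight hits from that source fall inside the 60-second window, so the eighth attempt within a minute is the first one dropped. The xt_recent semantics are my reading of the module, the `--rttl` check is not modelled, and the sample addresses and timings are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 8          # --hitcount 8
LIST_TOT = 20         # xt_recent ip_pkt_list_tot default: stamps kept per address


class RecentTable:
    """Models the '--name SSH' recent list used by both rules (assumption: my
    reading of xt_recent; TTL matching from --rttl is not modelled)."""

    def __init__(self, window=WINDOW_SECONDS, hitcount=HITCOUNT, list_tot=LIST_TOT):
        self.window = window
        self.hitcount = hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=list_tot))

    def _set(self, src, now):
        # rule 1: '-m recent --set' records a hit and never decides the verdict
        self.stamps[src].append(now)

    def _update(self, src, now):
        # rule 2: '--update --seconds N --hitcount M' matches when at least M
        # hits from src fall inside the last N seconds; a match records another
        # stamp, so an attacker who keeps trying keeps refreshing the block
        hits = sum(1 for t in self.stamps[src] if now - t <= self.window)
        matched = hits >= self.hitcount
        if matched:
            self.stamps[src].append(now)
        return matched

    def new_connection(self, src, now):
        """Verdict for a NEW connection from src at time now: 'DROP' or 'PASS'."""
        self._set(src, now)          # rule 1 runs first, so this hit counts too
        return "DROP" if self._update(src, now) else "PASS"


def run(attempts):
    """attempts: iterable of (time_seconds, source_ip); returns (time, src, verdict)."""
    table = RecentTable()
    return [(t, src, table.new_connection(src, t)) for t, src in attempts]


# Constructed sample: a brute-forcer opening a new connection every 5 s, and an
# admin from another address reconnecting three times in the same minute.
SAMPLE = sorted([(5 * i, "198.51.100.7") for i in range(12)]
                + [(10, "192.0.2.10"), (25, "192.0.2.10"), (55, "192.0.2.10")])

if __name__ == "__main__":
    for t, src, verdict in run(SAMPLE):
        print(f"t={t:3d}s {src:15} {verdict}")
```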

Since nftables is supposed to be backwards compatible, I'd guess it can do this too. I wonder what it'll look like for that. A lot of the other syntax looks nicer; I suspect that this will be better too.