I'm trying to set up a rule that records an IP address to an Alias list and auto-blocks it if someone attempts to FTP or SSH into my firewall more than X times.
This works until they attempt it on a DNAT IP address.
The advanced rule has a great feature that allows you to add IPs to an Alias, and a different rule higher up blocks any IP in that Alias.
You set a rule on the WAN interface with a BLOCK action and Destination Port 21,22,23 (example), then move down to "Max new Connections[c]" and "Max new connections" and set those to Connections: 3 and Seconds: 60.
If someone attempts to connect to your OPNsense 3 times within 60 seconds on port 21,22,23, the IP will get recorded to whatever Alias you set in "Overload Table".
Can someone help, please? Any suggestions are appreciated.
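The two-rule setup described in the post, modelled as an added example that is not part of the original post and is not OPNsense's own code: a higher rule blocks any source already in the alias, and a lower rule counts new connections per source to ports 21, 22 and 23. It assumes a source is recorded once it reaches 3 attempts inside the 60-second window, as the post describes; the function name, verdict labels and log format are hypothetical, and the log lines are constructed.

```python
from collections import defaultdict, deque

WATCHED_PORTS = {21, 22, 23}   # destination ports from the post
MAX_NEW_CONNECTIONS = 3        # "Connections: 3"
WINDOW_SECONDS = 60            # "Seconds: 60"

# Constructed sample input: "<epoch seconds> <source IP> <destination port>"
SAMPLE_LOG = """\
100 203.0.113.7 22
110 198.51.100.4 443
120 203.0.113.7 22
130 203.0.113.7 21
135 203.0.113.7 443
200 192.0.2.9 22
270 192.0.2.9 22
340 192.0.2.9 22
"""

def evaluate(log_text, limit=MAX_NEW_CONNECTIONS, window=WINDOW_SECONDS):
    """Replay the log in order and return (verdicts, alias)."""
    alias = set()                # stands in for the "Overload Table" alias
    recent = defaultdict(deque)  # source IP -> timestamps of watched attempts
    verdicts = []
    for line in log_text.splitlines():
        ts_text, src, port_text = line.split()
        ts, port = int(ts_text), int(port_text)
        # Rule 1 (higher up): block anything already in the alias.
        if src in alias:
            verdicts.append((ts, src, port, "blocked-by-alias"))
            continue
        # Rule 2: count new connections to the watched ports per source.
        if port in WATCHED_PORTS:
            attempts = recent[src]
            attempts.append(ts)
            # Drop attempts that have aged out of the window.
            while attempts and ts - attempts[0] >= window:
                attempts.popleft()
            if len(attempts) >= limit:
                alias.add(src)
                verdicts.append((ts, src, port, "recorded-in-alias"))
                continue
        verdicts.append((ts, src, port, "not-limited"))
    return verdicts, alias
```

In the sample, 203.0.113.7 is recorded on its third attempt and its next connection is blocked on any port, while 192.0.2.9 makes three attempts spaced 70 seconds apart and never reaches the limit.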