
Messages - JH042

#1
I'm trying to set a rule to record an IP address and AUTO block it via an Alias list if someone attempts FTP or SSH into my firewall more than X times.

This works until they attempt it on a DNAT IP address.

The advanced rule has a great feature that allows you to add IPs to an Alias, and a different rule higher up blocks any IP in that Alias.

This is done by setting a Rule on the WAN Interface with a BLOCK action, Destination Port 21,22,23 (for example), then moving down to the "Max new connections" fields and setting those to Connections: 3 and Seconds: 60.

If someone attempts to connect to your OPNsense 3 times within 60 seconds on port 21,22,23, the IP will get recorded to whatever Alias you set in "Overload Table".

Can someone help please, any suggestions are appreciated.
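As an added illustration (not the poster's rules or anything from the OPNsense project), here is a pf.conf sketch of what the "Max new connections" and "Overload Table" settings express, and of why a DNAT'd destination slips past a rule that matches the WAN address. Interface, alias and internal host names are assumed placeholders.

```pf
# Constructed placeholders: WAN interface, DNAT target, and the alias
# named in "Overload Table".
wan     = "vtnet0"
lan_ftp = "192.0.2.10"
table <bruteforce> persist

# The rule "higher up": drop anything already recorded in the alias.
block in quick on $wan from <bruteforce> to any

# Case 1: connections aimed at the firewall itself.
# In pf the connection-rate limit is a state option, so it lives on a
# state-creating pass rule; 3/60 mirrors Connections: 3, Seconds: 60.
# "flush global" also tears down the offender's existing states.
pass in on $wan proto tcp from any to ($wan) port { 21 22 23 } \
    flags S/SA keep state \
    (max-src-conn-rate 3/60, overload <bruteforce> flush global)

# Case 2: a DNAT'd service. rdr rewrites the destination BEFORE the
# filter rules run, so a rule matching "to ($wan)" never sees these
# packets and the rate limit above is not applied to them.
rdr on $wan proto tcp from any to ($wan) port 21 -> $lan_ftp port 21

# The overload rule for forwarded traffic must therefore match the
# translated (internal) destination instead.
pass in on $wan proto tcp from any to $lan_ftp port 21 \
    flags S/SA keep state \
    (max-src-conn-rate 3/60, overload <bruteforce> flush global)
```

The same reasoning applies in the OPNsense GUI: the rate-limited rule for a forwarded port has to use the internal host as its destination, not the WAN address.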