noqqe/pf.conf

## pf.conf
# Block anything
block in all
block out all
block return

# Anti SSH Bruteforce
table <bruteforce> persist
table <admins> { 1.2.3.4/32 }

# Disallow bruteforcing IPs except <admins>
pass in on $extif from <admins> to any port ssh
block quick from <bruteforce>

# Allow and track ssh brute force
pass in on $extif proto tcp from any to any port ssh \
  flags S/SA keep state \
  (max-src-conn 5, max-src-conn-rate 5/50, \
  overload <bruteforce> flush global)
	# Block anything
	block in all
	block out all
	block return

	# Anti SSH Bruteforce
	table <bruteforce> persist
	table <admins> { 1.2.3.4/32 }

	# Disallow bruteforcing IPs except <admins>
	pass in on $extif from <admins> to any port ssh
	block quick from <bruteforce>

	# Allow and track ssh brute force
	pass in on $extif proto tcp from any to any port ssh \
	flags S/SA keep state \
	(max-src-conn 5, max-src-conn-rate 5/50, \
	overload <bruteforce> flush global)