> > There is a nice and easy way to blocking ssh brute-force attempts with pf > only: > > http://legonet.org/~griffin/openbsd/block_ssh_bruteforce.html Exactly. This is a much cleaner solution than portknocking to stop brute force attacks. I recently implemented this on a few of my servers.