SSH scans vs connection ratelimiting
Lyndon Nerenberg
lyndon at orthanc.ca
Sat Aug 19 21:32:18 UTC 2006
Take a look at /usr/ports/security/bruteforceblocker. It monitors the
system log for failed ssh logins, and blocks the sites via pf. It's
reasonably configurable, and works very well. I've been running it for
months without trouble.

Note that it lets you whitelist specific hosts to protect against someone
DOSing you by forging your IP address.

--lyndon
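
The approach described in the message above (count failed ssh logins in the system log, block offenders in a pf table, never block whitelisted hosts), sketched as an added example; it is not bruteforceblocker's code and not part of the original post. The threshold, the pf table name, the whitelist networks and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

MAX_FAILURES = 3          # assumed threshold, not a bruteforceblocker default
PF_TABLE = "ssh_blocked"  # hypothetical pf table name
WHITELIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:10::/48")]

# Anchored to the end of the line and greedy before " from ", so the captured
# field is always the peer address that sshd itself appended.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
Aug 19 21:01:02 gw sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 19 21:01:04 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Aug 19 21:01:07 gw sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40124 ssh2
Aug 19 21:02:10 gw sshd[820]: Failed password for lyndon from 192.0.2.5 port 51000 ssh2
Aug 19 21:02:12 gw sshd[820]: Failed password for lyndon from 192.0.2.5 port 51000 ssh2
Aug 19 21:02:15 gw sshd[820]: Failed password for lyndon from 192.0.2.5 port 51000 ssh2
Aug 19 21:02:19 gw sshd[821]: Failed password for lyndon from 192.0.2.5 port 51001 ssh2
Aug 19 21:03:30 gw sshd[830]: Failed password for root from 198.51.100.9 port 33010 ssh2
Aug 19 21:04:00 gw sshd[840]: Accepted publickey for lyndon from 192.0.2.5 port 51002 ssh2
"""

def offenders(log_text):
    """Count failed logins per source address; return those at or over the threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # captured field is not an IP literal; do not act on it
    return {ip: n for ip, n in counts.items() if n >= MAX_FAILURES}

def is_whitelisted(ip):
    """True if the address falls inside any whitelisted network."""
    return any(ip in net for net in WHITELIST)

def pf_commands(log_text):
    """Return pfctl argument lists for offenders, skipping whitelisted hosts."""
    return [["pfctl", "-t", PF_TABLE, "-T", "add", str(ip)]
            for ip in sorted(offenders(log_text), key=str)
            if not is_whitelisted(ip)]
```

The whitelisted host 192.0.2.5 exceeds the threshold in the sample but produces no block command, which is the protection the message refers to.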

More information about the freebsd-security mailing list