Block-ip action for blocking brute force ssh doesn't seem to be working
We've been noticing that we are getting quite a bit of brute force ssh attempts on our system, so we decided tonight to put in a rule that blocks those attempts. I took one of our existing policies that just logs everything, and added an exception that would block ssh brute forcing. Originally the action we set was block-ip, and we set it to blo...




