--- 00-orig/pf.conf Tue Oct 17 21:25:52 2006
+++ pf.conf Sat Feb 10 11:11:21 2007
@@ -8,6 +8,7 @@
 
 # Macros: define common values, so they can be referenced and changed easily.
 #ext_if="ext0" # replace with actual external interface name i.e., dc0
+ext_if="xl0"
 #int_if="int0" # replace with actual internal interface name i.e., dc1
 #internal_net="10.1.1.1/8"
 #external_addr="192.168.1.1"
@@ -25,13 +26,16 @@
 #set timeout { adaptive.start 0, adaptive.end 0 }
 #set limit { states 10000, frags 5000 }
 #set loginterface none
+set loginterface xl0
 #set optimization normal
 #set block-policy drop
+set block-policy return
 #set require-order yes
 #set fingerprints "/etc/pf.os"
 
 # Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
 #scrub in all
+scrub in all
 
 # Queueing: rule-based bandwidth control.
 #altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing }
@@ -81,3 +85,9 @@
 # assign packets to a queue.
 #pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
 #pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing
+
+###
+### bruteforceblocker
+###
+table persist file "/var/db/ssh-bruteforce"
+block in log quick proto tcp from to any port ssh
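Review bot: `set loginterface xl0` repeats the interface name that the first hunk just placed in the `ext_if` macro, so a later change to `ext_if` leaves statistics logging pointed at the old device; `set loginterface $ext_if` keeps the two in step. Switching `block-policy` from the default `drop` to `return` is a global option and therefore also governs the ssh block rule added in the last hunk: blocked senders get a TCP RST instead of silence, which makes failures fast for legitimate clients but also confirms to the sender that a filter is in place and lets a blocked client retry immediately rather than wait out a timeout. If that trade-off is intended, a one-line comment such as `# return RSTs so blocked connections fail fast instead of hanging` beside the option would record the decision for the next reader.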
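Review bot: As rendered, `table persist file "/var/db/ssh-bruteforce"` and `from to any port ssh` have no table name where pf requires an angle-bracketed one (`table <TABLE_NAME> persist file "..."` and `from <TABLE_NAME> to any`, TABLE_NAME being whatever the real file uses); either the brackets were stripped when the diff was rendered or pfctl will reject the ruleset at load time, so this is worth checking against the actual file. The new block rule is placed in the queueing part of the file, ahead of the still-commented translation section; that loads today, but with `require-order` at its default of yes, uncommenting a nat or rdr rule below it later will fail with the "rules must be in order" error, so the rule belongs in the filtering section further down. The rule also carries no `on $ext_if`, so table entries are blocked on every interface including any internal one, which may be the intent but is broader than the template rules around it. Because the table is file-backed and `persist`, an address that lands in the file stays blocked across reloads until removed by hand, so a `pass in quick ... from <TRUSTED_MGMT_NET>` exception placed ahead of this rule would prevent an administrator from being locked out of ssh by a mistaken entry.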