Originally Posted by Tenaka
as I have understood it bfd (=brute force detection) should take care of brute force attacks against any port and any service...
for ssh atacks I already run fail2ban which takes care of those - at least it should :-) I was just wondering why I see no action from bfd...
It does, but only if you have APF runing. if you have APF runing in DEVEL mode it will flush rules every 5 mins, so isnt of much use this way.