From 7c23d8a1de26b13e948c83a30771da259e9a59e8 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 6 Mar 2022 09:58:22 +0100
Subject: smoketest: config: add "recent" firewall rule to dialup-router

(cherry picked from commit 1d0d4e83d8413c1b389be763cadd5d150d4be982)
---
 smoketest/configs/dialup-router-complex | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'smoketest')

diff --git a/smoketest/configs/dialup-router-complex b/smoketest/configs/dialup-router-complex
index fef79ea56..1b62deb5c 100644
--- a/smoketest/configs/dialup-router-complex
+++ b/smoketest/configs/dialup-router-complex
@@ -267,6 +267,22 @@ firewall {
             }
             protocol udp
         }
+        rule 800 {
+            action drop
+            description "SSH anti brute force"
+            destination {
+                port ssh
+            }
+            log enable
+            protocol tcp
+            recent {
+                count 4
+                time 60
+            }
+            state {
+                new enable
+            }
+        }
     }
     name DMZ-WAN {
         default-action accept
-- 
cgit v1.2.3