On Sun, Oct 04, 2020 at 11:23:37AM -0000, Jason Long wrote:
My current configuration is:
services: http https ssh
"ssh" here conflicts with your rich rule below. Here "ssh" is
accepted. The rich rule will limit as intended, but that's not useful if
you have "ssh" in service as well, because it always accepts (i.e. no
ports: 990/tcp 40000-50000/tcp
rule service name="ssh" accept limit value="1/m"
Any rich rules that improve protection?