1. manually load pf
# kldload pf.ko
Enable or disable pf with pfctl -e / pfctl -d.
2. build pf into the kernel
device pf
device pflog
device pfsync
To build ALTQ as well:
options ALTQ
options ALTQ_CBQ      # Class Based Queuing (CBQ)
options ALTQ_RED      # Random Early Detection (RED)
options ALTQ_RIO      # RED In/Out
options ALTQ_HFSC     # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ     # Priority Queuing (PRIQ)
options ALTQ_NOPCC    # Required for SMP build
3. cd ../compile/GENER, then make depend ; make ; make install, and reboot.
4. block ssh brute-force attacks
First, set up the table. In the tables section, add:
table <bruteforce> persist
Then, somewhere fairly early in the rule set, add a rule to block the brute-forcers:
block quick from <bruteforce>
And finally, the pass rule that fills the table:
pass inet proto tcp from any to $localnet port $tcp_services \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
     overload <bruteforce> flush global)
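Here is an added example (not part of the original note) of a minimal /etc/pf.conf that assembles the three pieces from step 4 into a complete, loadable rule set. The interface name em0, the $localnet definition and the $tcp_services list are assumptions; adjust them for the host.

```pf
# Added example, not from the original note. Interface, network and port
# list are assumptions for illustration.
ext_if = "em0"                 # assumption: the externally facing interface
localnet = $ext_if:network     # assumption: the network this host serves
tcp_services = "{ ssh, www }"  # assumption: the TCP ports exposed to the world

# Table of offending sources. 'persist' keeps the table even when no rule
# currently references it and across rule-set reloads.
table <bruteforce> persist

# Default deny; 'log' sends blocked packets to pflog0 for monitoring.
block log all

# Early rule for listed offenders. 'quick' stops evaluation at this rule, so
# a listed host never reaches the pass rule below. 'log' is added here so that
# repeat attempts from listed hosts remain visible on pflog0.
block log quick from <bruteforce>

# Let the host itself talk out.
pass out on $ext_if keep state

# Stateful pass for the exposed services with per-source limits:
#   max-src-conn 100        at most 100 simultaneous connections per source
#   max-src-conn-rate 15/5  at most 15 new connections per 5 seconds per source
#   overload <bruteforce>   a source that exceeds either limit is added to the table
#   flush global            and all of that source's existing states are killed,
#                           not only the ones created by this rule
pass in on $ext_if inet proto tcp from any to $localnet port $tcp_services \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
     overload <bruteforce> flush global)
```

Check the syntax without loading it with pfctl -nf /etc/pf.conf, then load with pfctl -f /etc/pf.conf. To see who has been caught, run pfctl -t bruteforce -T show; to watch the blocks as they happen, tcpdump -n -e -ttt -i pflog0. Entries stay in the table until the rule set is flushed, so a periodic pfctl -t bruteforce -T expire 86400 (drop entries older than one day) is a reasonable way to keep the table from growing forever while still keeping an attacker out long enough to matter.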
reference: http://www.freebsd.org/doc/handbook/firewalls-pf.html