mention that PerSourcePenalties don't affect concurrent in-progress

author djm <djm@openbsd.org>

Thu, 6 Jun 2024 20:20:42 +0000 (20:20 +0000)

committer djm <djm@openbsd.org>

Thu, 6 Jun 2024 20:20:42 +0000 (20:20 +0000)
author djm <djm@openbsd.org>
Thu, 6 Jun 2024 20:20:42 +0000 (20:20 +0000)
committer djm <djm@openbsd.org>
Thu, 6 Jun 2024 20:20:42 +0000 (20:20 +0000)
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5

index 430de76..7c1cb57 100644 (file)
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,7 +33,7 @@
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
-.\" $OpenBSD: sshd_config.5,v 1.356 2024/06/06 17:15:25 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.357 2024/06/06 20:20:42 djm Exp $
  .Dd $Mdocdate: June 6 2024 $
  .Dt SSHD_CONFIG 5
  .Os
@@ -1565,8 +1565,9 @@ If a penalty is enforced against a client then its source address and any
  others in the
  .Cm PerSourceNetBlockSize
  will be refused connection for a period.
-Multiple penalties from the same source from concurrent connections will
-accumulate up to a maximum.
+A penalty doesn't affect concurrent connections in progress, but multiple
+penalties from the same source from concurrent connections will accumulate
+up to a maximum.
  Conversely, penalties are not applied until a minimum threshold time has been
  accumulated.
  Penalties are off by default but may be enabled using default settings using the
author	djm <djm@openbsd.org>
	Thu, 6 Jun 2024 20:20:42 +0000 (20:20 +0000)
committer	djm <djm@openbsd.org>
	Thu, 6 Jun 2024 20:20:42 +0000 (20:20 +0000)