Subject: By default block only ssh bruteforce attacks.
Origin: Alex Mestiashvili <alex@biotec.tu-dresden.de>
--- libpam-abl.orig/conf/pam_abl.conf
+++ libpam-abl/conf/pam_abl.conf
@@ -4,11 +4,11 @@
 host_rule=*:30/1h
 user_db=/var/lib/abl/users.db
 user_purge=1d
-user_rule=*:3/1h
+user_rule=*/sshd:5/1h
 host_clear_cmd=[logger] [clear] [host] [%h]
 host_block_cmd=[logger] [block] [host] [%h]
 user_clear_cmd=[logger] [clear] [user] [%u]
 user_block_cmd=[logger] [block] [user] [%u]
 limits=1000-1200
-host_whitelist=1.1.1.1/24;2.1.1.1
-user_whitelist=danta;chris
+host_whitelist=localhost
+user_whitelist=