I see a couple dozen of these every day. I have confirmed the addresses are NOT being triggered by country blocking. Also being tagged as 'SSH connection attempt' seems to imply being handled specially? An occasional 'WebAdmin connection attempt' as well. Explicit rules added to silently drop these are ineffectual. I did read Rule #2 and nothing there seems to apply?
This thread was automatically locked due to age.