freeradius anti bruteforce lockout via mysql

hi there

Here is my version of a user lockout for FreeRADIUS, using MySQL.

Create a table like:

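-- Failed-login log for the FreeRADIUS lockout policy: lockout_incr inserts one
-- row per rejected request and prunes old rows; lockout_check counts recent
-- rows per username.
-- The two indexes keep those statements from scanning the whole table, which
-- grows fastest during a password-guessing burst, when the check also runs
-- most often.
-- IF NOT EXISTS leaves an existing `failed` table untouched; on an existing
-- install add the indexes with ALTER TABLE instead.
CREATE TABLE IF NOT EXISTS `failed` (
 `stationid` text NOT NULL, -- filled from Calling-Station-Id
 `nasip` text NOT NULL, -- filled from NAS-IP-Address
 `username` text NOT NULL, -- filled from User-Name; the only column the lockout check filters on
 -- Time of the failure. ON UPDATE would refresh it if a row were ever updated;
 -- the policy statements only INSERT and DELETE.
 `authdate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
 -- TEXT columns need a prefix length to be indexed; 64 is a chosen prefix and
 -- longer names are still compared in full by the WHERE clause.
 KEY `failed_username_idx` (`username`(64)),
 -- Serves the age-based DELETE that runs on every rejected request.
 KEY `failed_authdate_idx` (`authdate`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;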
vi /etc/freeradius/policy.conf
# Policy: reject the request when the failed table already holds more than
# 5 rows for this User-Name from the last 15 minutes.
#
# The count is keyed on User-Name only. stationid and nasip are stored but not
# consulted here, so failures from any client count against the same account,
# and repeated bad passwords for a name keep that account locked for everyone.
# Weigh that denial-of-service side effect when choosing threshold and window.
#
# NOTE(review): %{User-Name} is client-supplied and sits inside a quoted SQL
# literal. This relies on the sql module escaping attribute expansions inside
# %{sql:...}; confirm the escaping / safe_characters settings of the
# installed version before deploying.
lockout_check {
 update control {
 # Number of failures recorded for this username in the last 15 minutes.
 Tmp-Integer-0 := "%{sql:SELECT COUNT(*) FROM failed where username='%{User-Name}' AND authdate>=DATE_SUB(NOW(), INTERVAL 15 MINUTE)}"
 }
 # Strictly greater than 5: the rejection starts once six rows are in the window.
 if (control:Tmp-Integer-0 > 5) {
 reject
 }
 }
 # Policy: record one row in the failed table for the current request, then
 # prune rows older than 30 minutes. The Tmp-Integer attributes only serve to
 # trigger the sql expansions; nothing on this page reads their values.
 #
 # NOTE(review): Calling-Station-Id, NAS-IP-Address and User-Name come from the
 # request and are placed inside quoted SQL literals; as in lockout_check this
 # depends on the sql module escaping expansions inside %{sql:...} - confirm.
 lockout_incr {
 update control {
 Tmp-Integer-0 := "%{sql:INSERT INTO failed (stationid,nasip,username,authdate) VALUES ('%{Calling-Station-Id}','%{NAS-IP-Address}','%{User-Name}', NOW())}"
 # Table-wide cleanup (no username filter). The 30-minute retention is longer
 # than the 15-minute window counted by lockout_check, so rows that still
 # count are never pruned early.
 Tmp-Integer-1 := "%{sql:DELETE FROM failed WHERE authdate<=DATE_SUB(NOW(), INTERVAL 30 MINUTE)}"
 }
 }
vi /etc/freeradius/sites-enabled/default
# lockout_check is listed first, ahead of the rest of the section (elided
# below as .....), so the lockout decision is made before the other entries run.
authorize {
 lockout_check
 .....
 }
# Runs lockout_incr for rejected requests, which adds one row per failure.
# Nothing on this page clears rows after a successful login; rows only age out.
# NOTE(review): a request rejected by lockout_check presumably also reaches
# Post-Auth-Type REJECT and adds a row, so retries during a lockout would keep
# extending it - verify on the installed version.
post-auth {
 Post-Auth-Type REJECT {
 lockout_incr
 }
 .....
 }

Have fun!