I noticed the "SMAC Rcon locker" plugin forcing sv_rcon_minfailuretime (number of seconds to track failed rcon authentications) to a value of 1, and sv_rcon_minfailures/maxfailures (number of times a user can fail rcon authentication before being banned) to 9999999.
This seems to break the anti-bruteforce IP banning completely, as nobody's going to fail a password 9999999 times within a timeframe of just 1 second.
Is there any reason behind this?
Edit: After some googling, apparently there is (was?) an exploit crashing servers with an incorrect password flood. I suppose that's why. Still feels a little iffy giving an unlimited amount of tries with the password.