[CDBUG-talk] pfctl -t table -T add foo.bar (so what happens on reboot?)

Patrick Muldoon doon at inoc.net
Thu Oct 6 09:28:18 EDT 2005


On Oct 6, 2005, at 9:17 AM, Jonathan Franks wrote:

> /sbin/pfctl -t mytable -Treplace -f /etc/mytablefile
>
>
> Hey thanks for the info. I've managed to dump the table to a file  
> and reconfigure.  I was reading something on misc@, and I'm now  
> thinking of adding a cron job to replace the file with the table  
> contents every night. I'm having great fun with this.
>
> Anyhow thanks again.
>
> -Jonathan
>

As seen on an OpenBSD list... some protection to deal with these pesky  
dictionary attacks (at the moment the only port I allow in, in  
tcp_services, is ssh), but I have been seeing an increase (again) in ssh  
password guessing attacks.

From my crontab... dump table crackers every hour.
0    *    *    *    *   /sbin/pfctl -t crackers -Tsh > /etc/tables/crackers


from pf.conf

#tables
table <crackers> persist file "/etc/tables/crackers"

--snip--

pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA modulate state \
    (max-src-conn 5, max-src-conn-rate 4/60, overload <crackers> flush global)


--
Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)
PGPKEY (http://www.inoc.net/~doon)
Key ID: 0x370D752C

"Pinky, you've left the lens cap of your mind on again."
- The Brain
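Added example, not from the post above or from any pf(4) documentation: the hourly cron line uses a plain `>` redirection, which truncates /etc/tables/crackers before pfctl runs, so a pfctl that fails at that moment (for instance during a ruleset reload) leaves an empty file that `table <crackers> persist file` will happily load at the next boot. The script below does the same snapshot but writes to a temporary file first and only replaces the persist file when pfctl succeeded. It also strips the indentation `pfctl -T show` prints and deduplicates, and offers an optional expiry step so a table fed by `overload ... flush global` does not grow without bound. The table name, file path, pfctl path and expiry age are assumptions taken from the post and can be overridden through the environment.

```shell
#!/bin/sh
# Added example (not from the original post): snapshot the pf <crackers>
# table into its persist file atomically, instead of `pfctl -T show > file`.
# Assumptions (override via environment): table "crackers", persist file
# /etc/tables/crackers, pfctl in /sbin, optional expiry of 7 days (0 = off).
TABLE=${TABLE:-crackers}
FILE=${FILE:-/etc/tables/crackers}
PFCTL=${PFCTL:-/sbin/pfctl}
EXPIRE_SECS=${EXPIRE_SECS:-0}

# normalize_table: read `pfctl -t T -T show` output on stdin (one address
# per line, indented with spaces) and emit a sorted, deduplicated list with
# blank lines removed, which is what the pf.conf `file` directive expects.
normalize_table() {
    sed -e 's/^[[:space:]]*//' -e '/^$/d' | sort -u
}

# expire_stale: drop entries older than EXPIRE_SECS seconds so the table
# does not accumulate forever; a no-op when EXPIRE_SECS is 0.
expire_stale() {
    [ "$EXPIRE_SECS" -gt 0 ] || return 0
    "$PFCTL" -t "$TABLE" -T expire "$EXPIRE_SECS" >/dev/null 2>&1
}

# snapshot_table: dump the live table into a temp file first; only when
# pfctl succeeds is the persist file replaced (mv is atomic on one filesystem),
# so a failing pfctl never leaves an empty or half-written persist file.
snapshot_table() {
    dir=$(dirname "$FILE")
    raw=$(mktemp "$dir/.${TABLE}.raw.XXXXXX") || return 1
    out=$(mktemp "$dir/.${TABLE}.new.XXXXXX") || { rm -f "$raw"; return 1; }
    if "$PFCTL" -t "$TABLE" -T show > "$raw" 2>/dev/null; then
        normalize_table < "$raw" > "$out" &&
        chmod 0644 "$out" &&
        mv "$out" "$FILE"
        rc=$?
    else
        rc=1
    fi
    rm -f "$raw" "$out"
    return $rc
}

# Run the snapshot only when invoked as `snapshot.sh run`, so the functions
# can be sourced or tested without touching pf.
case "${1:-}" in
    run) expire_stale; snapshot_table ;;
esac
```

Crontab usage would then be `0 * * * * /etc/tables/snapshot.sh run` (path assumed); set `EXPIRE_SECS=604800` in the crontab environment to age entries out after a week, which pf itself never does for an overload table.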



