[nycbug-talk] pf tables
Okan Demirmen
okan at demirmen.com
Sun Jul 30 16:57:28 EDT 2006
On Sun 2006.07.30 at 16:20 -0400, Dru wrote:
>
> On Sun, 30 Jul 2006, Mischa Diehm wrote:
>
> > A table can also be initialized with an address list specified in
> > one or more external files, using the following syntax:
> >
> > table <spam> persist file "/etc/spammers" file "/etc/openrelays"
> > block on fxp0 from <spam> to any
>
> I'm still missing something as my persist file (which contained many 1000
> IPs accumulated over the past few months) was somehow flushed when the
> system rebooted. My /etc/pf.conf contains these relevant lines:
>
> # grep bad /etc/pf.conf
>
> table <bad_hosts> persist file "/var/log/bad_hosts"
>
> block quick from <bad_hosts>
>
> pass proto tcp to any port $tcp_services flags S/SA keep state (max-src-conn 50, max-src-conn-rate 15/5, overload <bad_hosts> flush global)
pfctl(8) will *populate from* a file; it doesn't mean it (what is "it"?
- there is none) also syncs back to the file. You need to dump your
table in rc.shutdown(8) or in a cron(8) job - whichever fits the bill.
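A dump script of the kind described above, added here as an example and not part of the thread. It uses the table name and file from Dru's pf.conf; the install path is assumed, and PFCTL can be pointed at a stand-in so the script can be tried on a box without pf.

```shell
#!/bin/sh
# Table name and dump file are the ones from Dru's pf.conf; PFCTL can be
# overridden (e.g. with a shell function) to exercise the script without pf.
TABLE=${TABLE:-bad_hosts}
DUMP=${DUMP:-/var/log/bad_hosts}
PFCTL=${PFCTL:-pfctl}

# Write the live table to $DUMP.  The dump goes to a temporary file first
# and is renamed into place, so a reboot or crash mid-write never leaves
# "table <bad_hosts> persist file ..." loading a truncated list at boot.
dump_table() {
    tmp="$DUMP.tmp.$$"
    # "pfctl -t <table> -T show" prints one address or network per line,
    # which is the format the "file" keyword in pf.conf reads back.
    if ! "$PFCTL" -t "$TABLE" -T show > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # Conservative choice: never replace a non-empty dump with an empty
    # one (pf not loaded yet, or a transient error); keep the old file.
    if [ ! -s "$tmp" ] && [ -s "$DUMP" ]; then
        rm -f "$tmp"
        return 2
    fi
    mv -f "$tmp" "$DUMP"
}

# Usage (assumed install path): /usr/local/sbin/pfdump.sh run
#   /etc/rc.shutdown:   /usr/local/sbin/pfdump.sh run
#   crontab:            */15 * * * * /usr/local/sbin/pfdump.sh run
case "${1:-}" in
    run) dump_table ;;
esac
```

Running it from cron as well as rc.shutdown covers the case where the machine goes down without a clean shutdown.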