[nycbug-talk] pf tables
Dru
dlavigne6 at sympatico.ca
Sun Jul 30 16:20:16 EDT 2006
On Sun, 30 Jul 2006, Mischa Diehm wrote:
> A table can also be initialized with an address list specified in
> one or more external files, using the following syntax:
>
> table <spam> persist file "/etc/spammers" file "/etc/openrelays"
> block on fxp0 from <spam> to any
I'm still missing something as my persist file (which contained many 1000
IPs accumulated over the past few months) was somehow flushed when the
system rebooted. My /etc/pf.conf contains these relevant lines:
# grep bad /etc/pf.conf
table <bad_hosts> persist file "/var/log/bad_hosts"
block quick from <bad_hosts>
pass proto tcp to any port $tcp_services flags S/SA keep state
(max-src-conn 50, max-src-conn-rate 15/5 overload, <bad_hosts> flush global)
Dru
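
[Added example, not part of the original message.] The `file` argument is only read when the ruleset is loaded, and `persist` only keeps the table in kernel memory when no rule references it, so addresses added at run time by `overload` are never written back to /var/log/bad_hosts. A sketch of saving them with `pfctl -t bad_hosts -T show`, using the table and file names from the pf.conf lines above; the function name `merge_table_dump` and the `save` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Table name and file path come
# from the quoted pf.conf; merge_table_dump is a hypothetical helper.

# merge_table_dump FILE
# Reads a `pfctl -t <table> -T show` dump on stdin, merges it with the
# addresses already in FILE, and replaces FILE atomically so that a crash
# mid-write cannot leave pf with a truncated list at the next boot.
# Comment lines in FILE are dropped by the merge.
merge_table_dump() {
    file=$1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    {
        # Keep what is already on disk (entries loaded at boot).
        [ -f "$file" ] && cat "$file"
        # Append the live table contents supplied on stdin.
        cat
    } |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -v '^$' |
        sort -u > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
}

# Run as root from cron or a shutdown script: sh thisscript save
# The guard keeps the function usable on hosts without pf.
if [ "${1:-}" = "save" ] && command -v pfctl >/dev/null 2>&1; then
    pfctl -t bad_hosts -T show | merge_table_dump /var/log/bad_hosts
fi
```

The temporary file is created by mktemp with mode 0600, which the saved list keeps after the rename.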