https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282984
--- Comment #5 from Rob LA LAU <free...@ohreally.nl> --- Created attachment 255471 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=255471&action=edit Reset statistics for IP if counter In/Block > 0 Hi Leonid, I was not going to respond to this feature request anymore, but you're making me... :) I agree that 'expire' is also a superfluous function. But it can't be removed anymore, as too many people depend on it now. However, I don't think that that could/should be a reason to add more superfluous functionality. I've always been an advocate for lean and light software. Besides, the Unix way is to have small and simple building blocks, that the sysadmin/programmer/user ties together to obtain the result (s)he needs. The attached Bash script does what you need. I hereby release it into the public domain. Save it as /usr/local/sbin/pf-reset and make it executable. You will obviously need to have these patches for bug #282877 applied to your system: https://reviews.freebsd.org/D47698 https://reviews.freebsd.org/D47697 (They have already been committed to the main branch.) Call the script with a table name as first parameter, and the string 'noverify' as an optional second parameter. Without the 'noverify' parameter the script will display the IP addresses for which the statistics will be reset + the counter, and ask you if you want to continue. Examples: # pf-reset blocked # pf-reset blocked noverify && pfctl -t blocked -T expire 1209600 Have fun! Rob -- You are receiving this mail because: You are the assignee for the bug.
