On Jun 15, 2012, at 12:55 PM, Shiv. Nath wrote:

> # START
> table bruteforce persist
> block in log quick from bruteforce
>
> pass in on $ext_if proto tcp \
> from any to $ext_if port $trusted_tcp_ports \
> flags S/SA keep state \
> (max-src-conn-rate 3/300, overload bruteforce flush global)
>
> # END
>
> AND CRON:
> */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null 2>&1
>
> What is the function of "expire 604800"? Are they entries in the table?
> Should it be -t bruteforce or -t ssh-bruteforce?
It refers to entries in the table specified by the "-t" option and instructs pf to expire (remove from the table) all entries older than the specified time (in seconds). Basically, the value 604800 will expire entries older than 1 week.

For the above pf rules, the cron entry should be "-t bruteforce" (although in the pf rules you should be using "<bruteforce>").

Cheers,
Paul.

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
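The two mistakes Paul points out (a table name used in a rule without angle brackets, and a cron job expiring a table that pf.conf never declares) are easy to catch mechanically. The checker below is an added example written for this thread, not code from pf or from either poster. It works on a constructed pf.conf fragment modelled on the quoted rules, with the table declaration and the overload target written as `<bruteforce>` as pf requires; the block rule and the cron line keep the mistakes from the thread, and a corrected pair is derived from them to show the checker going quiet. Function names (`logical_lines`, `declared_tables`, `audit`) and the regexes are my own.

```python
"""Consistency checker for a pf overload table and its pfctl expire cron job.

Added example for this thread, not code from pf or from the thread's authors.
It reports: a declared table used in a rule without <...>, an overload target
that is unbracketed or undeclared, a cron expire job naming an undeclared
table (with the expiry age converted to days), and an overload table with no
expire job at all.
"""
import re
from typing import List, Set

# Constructed sample input, modelled on the rules quoted in the thread. The
# declaration and the overload target use <bruteforce>; the block rule and the
# cron line deliberately keep the thread's mistakes.
PF_CONF = """\
# START
table <bruteforce> persist
block in log quick from bruteforce

pass in on $ext_if proto tcp \\
    from any to $ext_if port $trusted_tcp_ports \\
    flags S/SA keep state \\
    (max-src-conn-rate 3/300, overload <bruteforce> flush global)
# END
"""

CRONTAB = "*/12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null 2>&1\n"

# The corrected pair: the rule references <bruteforce> and cron expires that table.
FIXED_PF_CONF = PF_CONF.replace("from bruteforce", "from <bruteforce>")
FIXED_CRONTAB = CRONTAB.replace("-t ssh-bruteforce", "-t bruteforce")

TABLE_DECL = re.compile(r"^table\s+<([^>]+)>")
OVERLOAD = re.compile(r"overload\s+(<?)([\w.-]+)(>?)")
PFCTL_EXPIRE = re.compile(r"pfctl\s+-t\s+(\S+)\s+-T\s+expire\s+(\d+)")


def logical_lines(text: str) -> List[str]:
    """Join backslash-continued lines into one logical pf rule each; drop
    blanks and comments and collapse runs of whitespace."""
    out: List[str] = []
    buf = ""
    for raw in text.splitlines():
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        line = " ".join((buf + raw).split())
        buf = ""
        if line and not line.startswith("#"):
            out.append(line)
    return out


def declared_tables(rules: List[str]) -> Set[str]:
    """Names declared with 'table <name> ...'."""
    return {m.group(1) for m in map(TABLE_DECL.match, rules) if m}


def audit(pf_conf: str, crontab: str) -> List[str]:
    rules = logical_lines(pf_conf)
    tables = declared_tables(rules)
    findings: List[str] = []

    # 1. A declared table used inside a rule must be written as <name>; a bare
    #    name is parsed by pf as a host name, not as the table.
    for rule in rules:
        if TABLE_DECL.match(rule):
            continue
        for name in sorted(tables):
            if re.search(r"(?<![<\w-])" + re.escape(name) + r"(?![>\w-])", rule):
                findings.append(f"table '{name}' used without angle brackets: {rule}")

    # 2. overload targets must be bracketed and declared.
    overload_targets: Set[str] = set()
    for rule in rules:
        for lt, name, gt in OVERLOAD.findall(rule):
            overload_targets.add(name)
            if lt != "<" or gt != ">":
                findings.append(f"overload target '{name}' must be written as <{name}>: {rule}")
            if name not in tables:
                findings.append(f"overload target '{name}' is not declared with 'table <{name}>'")

    # 3. Each cron expire job must name a declared table; report the age in days.
    expired: Set[str] = set()
    for line in crontab.splitlines():
        m = PFCTL_EXPIRE.search(line)
        if not m:
            continue
        name, secs = m.group(1), int(m.group(2))
        expired.add(name)
        if name not in tables:
            findings.append(f"cron expires table '{name}' ({secs}s = {secs / 86400:.1f} days) "
                            f"but pf.conf declares: {', '.join(sorted(tables)) or 'none'}")

    # 4. An overload table with no expire job keeps every blocked source forever.
    for name in sorted(overload_targets - expired):
        findings.append(f"overload table '{name}' has no 'pfctl -t {name} -T expire' job")
    return findings


if __name__ == "__main__":
    for label, conf, cron in (("as posted", PF_CONF, CRONTAB),
                              ("corrected", FIXED_PF_CONF, FIXED_CRONTAB)):
        print(f"== {label}: {len(audit(conf, cron))} finding(s)")
        for f in audit(conf, cron):
            print("  -", f)
```

Run against the posted pair it reports three findings (the bare `from bruteforce`, the cron job targeting the undeclared `ssh-bruteforce` at 604800 s = 7.0 days, and `bruteforce` having no expire job); against the corrected pair it reports none. Rule 4 is the one worth keeping in a real setup: an overload table with `persist` and no expire job only ever grows.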