Hello misc,

Today I watched the current connections on my small home server and I noticed an unfamiliar FTP connection. Upon inspecting the connection I noticed it was a brute-force attack, so I fired up my pfctl utility and tried to block the attack by adding the IP to my quick drop table. After adding the IP to the table I noticed that the connection was still happily active, and even reloading my entire ruleset with pfctl -f /etc/pf.conf didn't help, so I resorted to tcpdrop.

My question is: is it possible to destroy an active connection by something like adding an IP to a drop quick table (did I miss a certain flag?), or do I, in the event that something like this happens again, always have to perform a two-stage drop?

Sincerely,
Martijn