On Mon, Oct 5, 2015 at 5:18 PM, Kapetanakis Giannis
<bil...@edu.physics.uoc.gr> wrote:
> On 06/10/15 01:04, Abel Abraham Camarillo Ojeda wrote:
>>
>>
>> That's nice, but how do you log-out inactive users/IPs?
>> There is no such option in pf
>> a) expire after a certain amount of time and/or
>> pfctl -t loggedusers -T expire 3600 # expire after one hour,
>> regardless of activity
>
>
> you're right on this. I'm also using it for bruteforcers but I've forgot.
> My main concern is inactive users.
>
> G
>
# i think you can do that with two tables
table <loggedusers2> counters persist
run every hour:
# ${script that reads pfctl table and reads addresses with counters in zero};
# pfctl -t loggedusers2 -T zero; # zero remaining users counters
I've a script that does the first, but probably should be written a
_lot_ better...
~
