In article <20200528165448.ga22...@flueckiger.lan> Bruno Flueckiger <inform...@gmx.net> wrote:
> On 26.05., Walter Alejandro Iglesias wrote:
> > I understand that this command:
> >
> >   # pfctl -t spam -T expire <seconds>
> >
> > Takes in care the "Cleared" date:
> >
> >   # pfctl -t spam -vT show
> >      ___.___.22.65
> >           Cleared:     Mon May 25 16:10:22 2020
> >      ___.___.167.62
> >           Cleared:     Mon May 25 16:10:22 2020
> >   [...]
> >
> > Is there a way to save and restore tables metadata after a reboot
> > preserving those dates?
> >
>
> You can save the list of IPs in a table and reload it after a reboot as
> described here: https://www.bsdhowto.ch/savepftables.html

Nice website. ;-)

>
> As there is no way to save the dates, the date for each IP will be set to
> the current date and time when load happens.

The interesting point, and the reason for my concern, is to choose a
convenient "expire time."  With mail it is problematic, but with ssh, since
I know exactly whom I want to allow external access (just me), I let them
accumulate.  I block ssh attackers in the ssh port only; people sharing
those addresses are not affected.  So, I thought, the only concern in the
ssh case was how much a big number of entries could affect pf performance,
till at some point my tables reached the memory hard limit and I had to
remove IPs arbitrarily. :-)

In summary, the pfctl expire command does nothing after a reboot.  Then you
have two options:

  - To use a (cron) expire time significantly lower than the desirable.
  - To expire entries when your tables are about to reach the memory
    hard limit.

In both cases you'll probably suffer spam again from IPs that were
already blocked.

>
> Cheers,
> Bruno
>
>

Walter
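
One way to keep a real expire time across reboots, as an added example that is not part of the original thread: record each address's first-seen time in a sidecar state file and expire from that file instead of from pf's "Cleared" date. The state file format and the function names (merge_state, split_expired, expire_cycle) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: track entry age in a sidecar file, because pf resets the
# "Cleared" time of every address when a table is reloaded after a reboot.
# State file format (assumed): "address first_seen_epoch", one per line.

# merge_state STATE CURRENT NOW
# CURRENT is the output of `pfctl -t <table> -T show`. Known addresses keep
# their saved timestamp, new ones are stamped NOW, vanished ones are dropped.
merge_state() {
    awk -v now="$3" '
        FILENAME == ARGV[1] { seen[$1] = $2; next }   # saved state
        NF { print $1, (($1 in seen) ? seen[$1] : now) }
    ' "$1" "$2"
}

# split_expired STATE NOW MAX_AGE KEEP_OUT EXPIRED_OUT
# Entries older than MAX_AGE seconds go to EXPIRED_OUT (addresses only),
# the rest to KEEP_OUT (the new state file).
split_expired() {
    : > "$4"; : > "$5"
    awk -v now="$2" -v max="$3" -v keep="$4" -v gone="$5" '
        NF == 2 {
            if (now - $2 > max) { print $1 > gone }
            else                { print $0 > keep }
        }
    ' "$1"
}

# expire_cycle TABLE STATE MAX_AGE   (hypothetical driver, run from cron)
expire_cycle() {
    tmp=$(mktemp -d) || return 1
    now=$(date +%s)
    [ -f "$2" ] || : > "$2"
    pfctl -t "$1" -T show > "$tmp/current" || return 1
    merge_state "$2" "$tmp/current" "$now" > "$tmp/merged"
    split_expired "$tmp/merged" "$now" "$3" "$tmp/keep" "$tmp/expired"
    if [ -s "$tmp/expired" ]; then
        pfctl -t "$1" -T delete -f "$tmp/expired"
    fi
    mv "$tmp/keep" "$2"
    rm -rf "$tmp"
}
```

The first column of the state file doubles as the address list to reload into the table after a reboot, so the ages survive even though pf shows a fresh "Cleared" date.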