On 2025-11-24, W. D. Sadeep <[email protected]> wrote:
> Hello,
>
> I'm thinking of blocking bad IPs using PF tables persisted to a file. I
> would like to use a cron job to periodically analyze access logs and
> update the PF table. I'd like some advice on how best to set it up:
>
> 1. Keep the file in /etc/ (e.g., /etc/pf.badbots), set restrictive
>    permissions (chmod 0600), and run the script under root's crontab.
> 2. Keep the file in a dedicated cron job user's directory, allow that
>    user to modify the file via the cron job, and use it in pf.conf.
>
> I'm inclined to go with #1. Is that okay? Thanks in advance!

parsing logs as root is a *terrible* idea

-- 
Please keep replies on the mailing list.
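
A sketch of the unprivileged half of option 2, added here as an example and not part of the original thread: the dedicated user parses the log, keeps only literal host addresses, and atomically rewrites the table file, so root's cron entry is reduced to loading it (for instance `pfctl -t badbots -T replace -f <file>`). The log format, the 4xx threshold, the table name `badbots` and the function names are assumptions.

```python
import ipaddress
import os
import tempfile
from collections import Counter

# Constructed sample: common log format with the client address as first field.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Nov/2025:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 0
203.0.113.7 - - [24/Nov/2025:10:00:02 +0000] "GET /.env HTTP/1.1" 404 0
203.0.113.7 - - [24/Nov/2025:10:00:03 +0000] "GET /admin HTTP/1.1" 403 0
198.51.100.9 - - [24/Nov/2025:10:00:04 +0000] "GET / HTTP/1.1" 200 512
192.0.2.0/24 - - [24/Nov/2025:10:00:05 +0000] "GET /a HTTP/1.1" 404 0
192.0.2.0/24 - - [24/Nov/2025:10:00:06 +0000] "GET /b HTTP/1.1" 404 0
192.0.2.0/24 - - [24/Nov/2025:10:00:07 +0000] "GET /c HTTP/1.1" 404 0
"""


def bad_addresses(lines, threshold=3):
    """Return sorted host addresses with at least `threshold` 4xx responses."""
    hits = Counter()
    for line in lines:
        fields = line.split()
        # Status is the second-to-last field; skip anything that does not fit.
        if len(fields) < 2 or not fields[-2].isdigit() or "%" in fields[0]:
            continue
        try:
            # Log content is untrusted input to the table file: accept only a
            # literal, unscoped host address, never a prefix or a hostname.
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if 400 <= int(fields[-2]) < 500:
            hits[str(addr)] += 1
    return sorted(a for a, n in hits.items() if n >= threshold)


def write_table(path, addrs):
    """Atomically replace the table file; mkstemp creates it with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.writelines(a + "\n" for a in addrs)
    os.replace(tmp, path)


if __name__ == "__main__":
    # Run from the dedicated user's crontab; root only loads the result.
    print("\n".join(bad_addresses(SAMPLE_LOG.splitlines())))
```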

