Iñigo Ortiz de Urbina wrote:
You could also take a look at the match, tag and tagged keywords in
pf.conf.
Additionally, you may require parsing your custom logs (pflogN
interfaces or binary logs in /var/log/) in order to populate your
tables for use in the main ruleset or anchors.
Have a nice day,
Iñigo
Thank you so much for pointing me in the right direction - I wasn't
aware of the /dev/pflog interface. I just wrote a simple program to sniff
packets going through it and to add a host to the appropriate table if I
don't like the activity I see there.
Thanks again,
Ivan
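
The approach discussed in this thread (read pf's log, then populate a table from it), as an added example that is not Ivan's program or code from either poster. It assumes text lines in the style of `tcpdump -n -e -ttt` output for pflog; the function names, the `badhosts` table and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the program from the thread.
# Input: text lines in the style of `tcpdump -n -e -ttt -i pflog0` (assumed).
# Output: each IPv4 source with at least $1 blocked packets, one per line.
pflog_offenders() {
    awk -v min="$1" '
    {
        blocked = 0; src = ""
        for (i = 1; i < NF; i++) {
            if ($i == "block") blocked = 1
            if ($(i + 1) == ">") { src = $i; break }
        }
        if (!blocked || src == "") next
        # TCP/UDP sources print as a.b.c.d.port; ICMP sources have no port.
        if (split(src, part, ".") == 5) sub(/\.[0-9]+$/, "", src)
        # Only a well-formed dotted quad is ever passed on to pfctl.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        count[src]++
    }
    END { for (s in count) if (count[s] >= min) print s }
    ' | sort
}

# Constructed sample input (documentation address ranges, made-up rule numbers).
sample_log() {
    cat <<'EOF'
Feb 10 12:00:01.000001 rule 3/(match) block in on em0: 203.0.113.7.51234 > 192.0.2.10.22: S 1:1(0) win 16384
Feb 10 12:00:02.000001 rule 3/(match) block in on em0: 203.0.113.7.51235 > 192.0.2.10.22: S 2:2(0) win 16384
Feb 10 12:00:03.000001 rule 3/(match) block in on em0: 203.0.113.7.51236 > 192.0.2.10.23: S 3:3(0) win 16384
Feb 10 12:00:04.000001 rule 3/(match) block in on em0: 198.51.100.9 > 192.0.2.10: icmp: echo request
Feb 10 12:00:05.000001 rule 3/(match) block in on em0: 198.51.100.9 > 192.0.2.10: icmp: echo request
Feb 10 12:00:06.000001 rule 1/(match) pass in on em0: 198.51.100.20.40000 > 192.0.2.10.80: S 4:4(0) win 16384
Feb 10 12:00:07.000001 rule 1/(match) pass in on em0: 198.51.100.20.40001 > 192.0.2.10.80: S 5:5(0) win 16384
Feb 10 12:00:08.000001 rule 1/(match) pass in on em0: 198.51.100.20.40002 > 192.0.2.10.80: S 6:6(0) win 16384
EOF
}

# Live use (needs root and a running pf); "badhosts" is a hypothetical table.
block_offenders() {
    tcpdump -n -e -ttt -r /var/log/pflog 2>/dev/null |
        pflog_offenders "$1" |
        while read -r ip; do pfctl -t badhosts -T add "$ip"; done
}

sample_log | pflog_offenders 3
```

Source addresses in logged packets can be spoofed, so a table filled this way should exclude your own management addresses before it is referenced by a block rule.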