On Feb 07 21:31:11, martijn...@gmail.com wrote: > Thanks for all the quick responses, but if I understand you all > correctly there is no way to cut off an established connection by adding > an ip address to a blocked table, so I'm still left with my two stage > drop off the connection (both adding the the ip to the table and killing > the connection manually).
Yes; these are two distinct actions: 1. killing an active connection (pfctl -k) 2. adding a host to a table (pfctl -t) (whatever it may mean in the ruleset)
