On Feb 7, 2013 11:20 PM, "Jan Stary" <h...@stare.cz> wrote:
>
> On Feb 07 21:31:11, martijn...@gmail.com wrote:
> > Thanks for all the quick responses, but if I understand you all
> > correctly there is no way to cut off an established connection by adding
> > an ip address to a blocked table, so I'm still left with my two stage
> > drop off the connection (both adding the ip to the table and killing
> > the connection manually).
>
> Yes; these are two distinct actions:
> 1. killing an active connection (pfctl -k)
> 2. adding a host to a table (pfctl -t)
> (whatever it may mean in the ruleset)

Swap the order.