On Thu, 5 Oct 2017, Vincent Hoffman-Kazlauskas wrote:
What rules do you have that act on that table? ie do you have a block rule like block drop quick from <woodpeckers> to any?
Ah; I forgot to show that bit: # block in log quick on $ext_if from <woodpeckers> block in quick on $ext_if from <woodpeckers> The "drop" is implied, AFAIK.
is anything added to the table (pfctl -t woodpeckers -T show)
I have lots of them because I've been adding them by hand, but this time I'll hold back and observe, just to be sure.
If there is dont forget to expire them after a while unless you want them permanently banned, a cron with something like "pfctl -t woodpeckers -T expire 3600" iirc
I never expire spammers; I'd prefer that they expired instead :-) Once a Pee-Cee has been 0wn3d, it tends to stay that way because the former owner is too stupid to realise it. After all, there are two sorts of Windoze boxes: those that are compromised, and those that soon will be...
-- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
