Svante Kvarnstrom wrote:


On Oct 9, 2009, at 11:56 PM, Matthew Seaman wrote:

plus you'll need to add a cron job to clear old entries out of the ssh-bruteforce
table after a suitable amount of time has passed.  Use expiretable to do
that.

I believe that security/expiretable is superfluous nowadays since pfctl supports the -T expire directive.

Yes -- that is true.  Seems '-T expire' works in 7-STABLE and 7.1-RELEASE,
7.2-RELEASE -- not sure about older versions though.

        Cheers,

        Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to