Alexander Hall wrote:
Rico wrote:
I am using this 'table <sshdtrolls> persist file "/root/pf/sshdhackers"'
I don't get any entries in the sshdhackers file and I don't get
blocked from the system.
A table modification is not automatically added to the file the table
was once populated from. Use
# pfctl -t sshdtrolls -T show > /root/pf/sshdhackers
for that.
I know -) I am using Swatch to try to append to the file and then Swatch
is making pf reading the file again.
I can't make this work though.
Concerning not being blocked, do you have this too?
Yes :-)
and a rule
#stop ssh trolls
block in log quick on $EXT_IF inet proto {tcp,udp} from <sshdtrolls>
to $EXT_IF port ssh label "SSHDTrolls"
/Alexander
.
