D'Arcy J.M. Cain wrote:
> So why would packets continue to come in for 2.5 hours? My guess is
> that the hacker is keeping the connection open and attacking over it
> for 2.5 hours. Does the packet filter not apply to existing
> connections? Is there some way to change that behaviour?

Yes, that's how stateful firewalls work. Existing states don't evaluate the ruleset. You probably want to look into pfctl -k.
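
The behaviour described in this reply, as an added example that is not part of the original message: adding a block only affects new connections, so the address's existing states have to be removed as well. The table name `blocked`, the pf.conf lines in the comments and the `PFCTL` dry-run override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: block an address in pf AND drop the states it already holds.
# Assumed pf.conf lines (the table name "blocked" is hypothetical):
#   table <blocked> persist
#   block in quick from <blocked>

PFCTL="${PFCTL:-pfctl}"          # set PFCTL="echo pfctl" for a dry run
PF_TABLE="${PF_TABLE:-blocked}"

block_and_kill() {
    addr="$1"
    # Accept only a dotted-quad IPv4 address so nothing else reaches pfctl.
    case "$addr" in
        ''|*[!0-9.]*) echo "invalid address: $addr" >&2; return 2 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $addr
    IFS="$old_ifs"
    if [ "$#" -ne 4 ]; then
        echo "invalid address: $addr" >&2; return 2
    fi
    for octet in "$@"; do
        if [ -z "$octet" ] || ! [ "$octet" -le 255 ] 2>/dev/null; then
            echo "invalid address: $addr" >&2; return 2
        fi
    done

    # 1. New connections: the ruleset is evaluated, the table entry matches.
    $PFCTL -t "$PF_TABLE" -T add "$addr" || return 1
    # 2. Existing connections: their states bypass the ruleset, so kill them.
    $PFCTL -k "$addr" || return 1                 # states originating from addr
    $PFCTL -k 0.0.0.0/0 -k "$addr" || return 1    # states destined to addr
}

# Usage (as root; 192.0.2.10 is a constructed documentation address):
#   block_and_kill 192.0.2.10
#   pfctl -ss | grep 192.0.2.10    # should print nothing afterwards
```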

