On Thu, 28 Jun 2007 09:02:43 -0500 "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> At 08:56 AM 06/28/2007, Stuart Henderson wrote:
> >On 2007/06/28 08:46, J.D. Bronson wrote:
> > > Will NEW offenders be added to /etc/tables/scanners
> > > as they are discovered and therefore not just remain in kernel?
> >
> >No, pf does not write to files.
> >How about cron(8) and pfctl(8) instead?
>
> so if it won't write to a file... I presume it blocks
> what's listed in /etc/tables/scanners permanently and then only
> blocks NEW offenders via kernel memory?
> (can someone clarify my understanding of that?)
>
> I would ideally like to stop attacks and then write the offenders in a file
> so I don't lose these during a reboot...
>
> what if I cron something like this:
>
> pfctl -t scanners -T show >> /etc/tables/scanners
> pfctl -f /etc/pf.conf
>
> Would that work??
>

The persist thing got me at first too, but the FAQ is quite clear and does not actually say it writes anywhere. I just assumed it for reasons beyond this discussion. Anyway, persist keeps it even if no rules are using it. The file part is strictly for pre-populating when pf starts up.

I am not sure why you have both of those... the top line to output would be fine, and have your pf ruleset use the file at startup to read them in.
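An added example, not from either poster, of the cron job discussed above written so that repeated runs do not pile up duplicate entries the way a plain `>>` append does: it merges the live table into the seed file, strips the indentation `pfctl -T show` prints, and replaces the file atomically. It assumes pf.conf declares `table <scanners> persist file "/etc/tables/scanners"`; the table and file names are the ones from the thread, and `merge_table_entries`/`save_table` are names chosen here.

```shell
#!/bin/sh
# Added example (not the thread's own script). Persist a pf table to the file
# that pf.conf reads at startup, so in-kernel additions survive a reboot.
# Assumed pf.conf line:  table <scanners> persist file "/etc/tables/scanners"
set -e

TABLE="${TABLE:-scanners}"
FILE="${FILE:-/etc/tables/scanners}"

# merge_table_entries EXISTING_FILE NEW_FILE
# Print the union of both files, one address/network per line: comments and
# surrounding whitespace removed, blank lines dropped, duplicates collapsed.
# A missing EXISTING_FILE (first run) is tolerated.
merge_table_entries() {
    cat "$1" "$2" 2>/dev/null \
        | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -v '^$' \
        | sort -u
}

# save_table: snapshot the live table with pfctl(8), merge it into the seed
# file, and swap the result into place with a rename so a crash mid-write can
# never leave a truncated seed file for the next boot.
save_table() {
    live=$(mktemp) || return 1
    staged=$(mktemp "${FILE}.XXXXXX") || { rm -f "$live"; return 1; }
    if ! pfctl -t "$TABLE" -T show > "$live"; then
        rm -f "$live" "$staged"
        return 1
    fi
    merge_table_entries "$FILE" "$live" > "$staged"
    rm -f "$live"
    mv "$staged" "$FILE"
}

# Only touch pf when invoked as the cron job, e.g.:
#   */10 * * * * RUN_SAVE=1 /usr/local/sbin/save-scanners
if [ "${RUN_SAVE:-0}" = 1 ]; then
    save_table
fi
```

The reload from the original post (`pfctl -f /etc/pf.conf`) is not needed here: the file is only read when pf loads the ruleset, and the entries are already in the kernel.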