On 6/28/07, Martin Schrvder <[EMAIL PROTECTED]> wrote: > > 2007/6/28, J.D. Bronson <[EMAIL PROTECTED]>: > > so if it wont write to a file...I presume it blocks > > whats listed in /etc/tables/scanners permanently and then only > > blocks NEW offenders via kernel memory? > > (can someone clarify my understanding of that? > > Do you really need a file? In my experience blocking the offenders for > 1h is enough; they very rarely come back later. > > Best > Martin > >
I'm the one who started this thread. If I can block them for an hour without a table that would be even better.. I was using the file to store the IP's as they were identified by the rule and had been planning to use the expiretable package to start clearing the table via Cron. Currently I just do it manually about once a week or so. I've read the man page for pf.confbut did not see how I could block them for a set period of time. Could someone elaborate on how this is done? Steve
