On Thu, Jan 09, 2003 at 09:52:56PM +0100, Cedric Berger wrote: > There is a "table" feature that has just been commited to the kernel. > You can write in pf.conf: > > table <snortblacklist> persist > block in from <snortblacklist> to any > > And then, your snort box can do the following: > ssh firewall pfctl -t snortblacklist -Ta 192.168.0.1
Niceeee. Btw, what's the main difference between tables and anchors? // haver