> ...Guess I should take a look at the authpf and pfctl code.... Or just look at anchors in the -current code.
Basically, find the spot in the ruleset where you want to insert your rules, and drop an "anchor attacks" in there. Then, for an attack in progress, do a:

    echo 'block in quick from $attacker to any' | pfctl -a attacks -R -f -

Alternately, you can now use tables for that purpose. In fact, that may be even more useful, as you can add/remove hosts from the table on the fly, without disturbing the existing entries.

What is being said here is: you don't need a utility. You will be able to do it from the command line. (Effectively, pfctl *IS* the API.)

-kj
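
The table approach mentioned in the reply above, as an added example that is not part of the original post: small shell wrappers around pfctl's table commands that accept only a dotted-quad IPv4 address, so a string lifted from a log cannot smuggle anything else into the command. The table name "attackers", the function names and the PFCTL/TABLE variables are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; the table name "attackers" is an assumption.
# Matching pf.conf lines, placed where the block should take effect:
#   table <attackers> persist
#   block in quick from <attackers> to any

PFCTL=${PFCTL:-pfctl}      # set PFCTL=echo for a dry run
TABLE=${TABLE:-attackers}

# Succeeds only for a dotted-quad IPv4 address. Anything containing
# spaces, shell metacharacters or pf keywords is rejected up front.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split on dots into positional parameters
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Add one host to the table; existing entries are left untouched.
block_host() {
    is_ipv4 "$1" || { echo "refusing non-IPv4 input: $1" >&2; return 1; }
    $PFCTL -t "$TABLE" -T add "$1"
}

# Remove one host from the table.
unblock_host() {
    is_ipv4 "$1" || { echo "refusing non-IPv4 input: $1" >&2; return 1; }
    $PFCTL -t "$TABLE" -T delete "$1"
}

# Show the current table contents.
list_blocked() {
    $PFCTL -t "$TABLE" -T show
}
```

Source the file as root and call block_host with an address; running with PFCTL=echo prints the pfctl arguments instead of changing the table.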