Hi all!
I wasn't subscribed to the list a bit ago, so I can't really reply to the
thread that just talked about this. I'm faking it a bit though :)
I had most of the underlying code ready or on the way anyway, so I slapped
a small program around it as a (real world) test. Comments and
change requests are welcome.
There are some things to note though. This program needs to be run as a
user with read/write permission to /dev/pf. As with all unknown things
that need to be run as the superuser or similar there is always the chance
this one will cause death and destruction, so use at your own risk. It
WorksForMe<tm>, don't blame me if your cat grows another eye, and so on
and so forth.
There is another thing. The 'cleared' timestamp of an address is not reset
when you try to add an address that is already in the table.
Syntax is:

    expiretable [-v] [-p] [-a anchor] [-t age] table

Options mean:

    -v         Be verbose. Use twice for more verbosity.
    -p         Pretend. Just go through the motions, don't actually
               delete any entries.
    -a anchor  Anchor.
    -t         An address maximum age, in seconds. Default is 3 hours.
    table      Name of the table to scan for old entries.
Example:

    expiretable -vvp -t 3600 int.users

This removes all entries with a 'Cleared' (as in the 'pfctl -vT show'
output) value older than now-3600 seconds from table int.users.
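As an added illustration of what the pretend mode decides (this is not expiretable's own code, which is in the tarball below): a Python pass over constructed 'pfctl -vT show'-style output that selects the entries whose 'Cleared' stamp is older than now minus the age. The table layout, addresses, stamps and the fixed 'now' are all assumed and constructed for the example.

```python
# Added example, not expiretable's code: the selection step behind "-p".
# SAMPLE is constructed in the layout of pfctl's verbose table listing
# (address line, then tab-indented stats lines); addresses and stamps are
# made up, and NOW is pinned so the run is repeatable.
from datetime import datetime, timedelta

CTIME = "%a %b %d %H:%M:%S %Y"   # ctime(3) layout of the "Cleared:" line
DEFAULT_AGE = 3 * 3600           # expiretable's default maximum age: 3 hours
NOW = datetime(2007, 1, 1, 12, 0, 0)   # constructed reference "now"

# Constructed stand-in for 'pfctl -t int.users -vT show' output.
SAMPLE = "\n".join([
    "   10.0.0.5",
    "\tCleared:     Mon Jan  1 09:00:00 2007",
    "\tIn/Block:    [ Packets: 0          Bytes: 0          ]",
    "\tIn/Pass:     [ Packets: 12         Bytes: 1440       ]",
    "   10.0.0.7",
    "\tCleared:     Mon Jan  1 11:30:00 2007",
    "\tIn/Block:    [ Packets: 0          Bytes: 0          ]",
    "   192.168.1.0/24",
    "\tCleared:     Sun Dec 31 23:59:00 2006",
    "\tOut/Pass:    [ Packets: 3          Bytes: 180        ]",
])


def parse_table(text):
    """Return [(address, cleared)] pairs from verbose table output.

    Note that pf keeps the original Cleared stamp when an address already in
    the table is added again, so this is the time of first insertion.
    """
    entries, addr = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if not line.startswith("\t"):
            addr = stripped.split()[0]       # address, possibly with /prefix
        elif stripped.startswith("Cleared:") and addr is not None:
            stamp = stripped[len("Cleared:"):].strip()
            entries.append((addr, datetime.strptime(stamp, CTIME)))
    return entries


def expired(entries, now, age=DEFAULT_AGE):
    """Addresses whose Cleared stamp is strictly older than now - age seconds."""
    cutoff = now - timedelta(seconds=age)
    return [addr for addr, cleared in entries if cleared < cutoff]


def pretend(text, table, now, age=DEFAULT_AGE):
    """The -p view: deletions that would be made, as pfctl commands, not run."""
    return [f"pfctl -t {table} -T delete {a}"
            for a in expired(parse_table(text), now, age)]


if __name__ == "__main__":
    for cmd in pretend(SAMPLE, "int.users", NOW, age=3600):
        print(cmd)
```

With the default 3-hour age the 09:00 entry is exactly at the cutoff and is kept, which is the strict "older than" reading of the description above.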
Get it here in all its glorious untestedness:
http://fnord.se/expiretable.tar.gz
// Henrik Gustafsson