> Tr0go wrote:
> >
> > table <bruteforce> persist <...>
> > BUT, surprisingly at some time the table
> > "self cleaned"

nahh, you reloaded pf :) that's how this happens to everyone i've run across, myself included.

> > "persist" keyword should keep all those enemies' IP
> > until next reboot, isn't it ?

no. you are not the first one to think 'persist' means 'immutable no matter what'. that bit me in the ass a few times. all 'persist' does is make that table stay populated even if there is no rule that makes reference to the table. it's pretty clear when you go back and read the manpage... :/

in my case, i had read about 'persist', put it in as a rule of thumb, and not had to worry about it; since i never really needed to use it for its intended purpose, i believe my perception of the meaning of 'persist' mutated to be what i wanted it to really mean; which is what you thought up there too..

so far, i've seen people populate tables from a file which they write to however often to keep it up to date, and i've seen people write 'reload-pf' scripts that take certain tables, copy the contents out to $WHATEVER, reload the ruleset, and then repopulate the tables after the pfctl -f is done.

--
jared

[ openbsd 3.9-beta GENERIC ( jan 30 ) // i386 ]
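
A sketch of the 'reload-pf' approach described in the message above, as an added example that is not part of the original post or anyone's actual script. The `reload_pf` function name, the `SAVE_DIR` path and the overridable `PFCTL`/`PF_CONF` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: save table contents, reload the ruleset, repopulate.
# Assumed names (not from the post): reload_pf, SAVE_DIR, PFCTL, PF_CONF.
PFCTL="${PFCTL:-pfctl}"              # left unquoted below so "doas pfctl" works
PF_CONF="${PF_CONF:-/etc/pf.conf}"
SAVE_DIR="${SAVE_DIR:-/var/db/pf-tables}"

reload_pf() {
    # $@ = names of the tables to preserve, e.g.: reload_pf bruteforce
    mkdir -p "$SAVE_DIR" || return 1

    # Parse-only check first: never dump and reload against a broken ruleset.
    if ! $PFCTL -nf "$PF_CONF"; then
        echo "reload_pf: $PF_CONF does not parse, nothing changed" >&2
        return 1
    fi

    for t in "$@"; do
        # Dump to a temp file so a failed dump never clobbers a good save.
        if $PFCTL -t "$t" -T show > "$SAVE_DIR/$t.tmp"; then
            mv "$SAVE_DIR/$t.tmp" "$SAVE_DIR/$t"
        else
            rm -f "$SAVE_DIR/$t.tmp"
            echo "reload_pf: could not dump <$t>, keeping previous save" >&2
        fi
    done

    $PFCTL -f "$PF_CONF" || return 1

    for t in "$@"; do
        # -T add merges the saved addresses back in; anything the ruleset
        # itself loaded into the table is left alone.
        if [ -s "$SAVE_DIR/$t" ]; then
            $PFCTL -t "$t" -T add -f "$SAVE_DIR/$t" || return 1
        fi
    done
    return 0
}
```

Between the `-f` reload and the `-T add` there is a short window in which the table is empty, so previously blocked addresses are not matched during that moment.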