On Tue, 23 Jan 2007 21:07:08 +0100 Joerg Sonnenberger <[EMAIL PROTECTED]> wrote:
>
> I don't think that can be done easily. Have you thought about just
> limiting the number of connections for the host/net? See max-src-states.
>

Well, that is not an option in my case, because I need to get the banned IPs since they are static and I have to make sure no such connections are permitted to go through my firewall until the client machine's disinfection. It is easier for me and more secure. Thanks for the answer anyway, I'll probably give it a try, it's more than nothing, though I could just play with a script that processes pfctl -si output and executes pfctl -T infected -t add ip, since the destination ports being swept are well-known.

-- 
Gergo Szakal <[EMAIL PROTECTED]>
University Of Szeged, HU
Faculty Of General Medicine

/* Please do not CC me with replies, thank you. */
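An added example, not part of the original message or of pf itself: one way to sketch the script idea mentioned above, flagging internal hosts that hold TCP states to many distinct destinations on a few watched ports. It assumes state lines in the `pfctl -ss` layout (IPv4 only); the function names, the port list 135/139/445, the threshold and the sample lines are all constructed assumptions.

```shell
#!/bin/sh
# Added illustration, not from the original thread.
# find_sweepers [MIN_DESTS] [PORTS]: read pf state lines (assumed `pfctl -ss`
# layout, IPv4 only) on stdin and print each source IP holding TCP states to at
# least MIN_DESTS distinct hosts on the watched destination ports.
find_sweepers() {
    awk -v min="${1:-3}" -v ports="${2:-135 139 445}" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $2 == "tcp" {
        # The first arrow gives the direction; NAT variants add fields between
        # the first address ($3) and the last one ($(NF - 1)).
        dir = ""
        for (i = 4; i < NF; i++) if ($i == "->" || $i == "<-") { dir = $i; break }
        if (dir == "") next
        src = (dir == "->") ? $3 : $(NF - 1)
        dst = (dir == "->") ? $(NF - 1) : $3
        if (split(src, s, ":") != 2 || split(dst, d, ":") != 2) next
        if (!(d[2] in watch)) next
        key = s[1] SUBSEP d[1]
        if (!(key in seen)) { seen[key] = 1; count[s[1]]++ }  # distinct hosts only
    }
    END { for (ip in count) if (count[ip] >= min) print ip }' | sort
}

# Constructed sample input (private and documentation addresses), not real output.
sample_states() {
    cat <<'EOF'
all tcp 10.0.0.23:4001 -> 198.51.100.1:445       SYN_SENT:CLOSED
all tcp 10.0.0.23:4002 -> 198.51.100.2:445       SYN_SENT:CLOSED
all tcp 10.0.0.23:4003 -> 198.51.100.3:445       SYN_SENT:CLOSED
all tcp 10.0.0.23:4004 -> 198.51.100.3:445       SYN_SENT:CLOSED
all tcp 10.0.0.50:7001 (192.0.2.10:61001) -> 198.51.100.4:135       SYN_SENT:CLOSED
all tcp 10.0.0.50:7002 (192.0.2.10:61002) -> 198.51.100.5:135       SYN_SENT:CLOSED
all tcp 10.0.0.50:7003 (192.0.2.10:61003) -> 198.51.100.6:135       SYN_SENT:CLOSED
all tcp 10.0.0.40:5001 -> 198.51.100.9:445       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.40:5002 -> 198.51.100.9:80       ESTABLISHED:ESTABLISHED
all tcp 10.0.0.1:139 <- 10.0.0.77:6001       ESTABLISHED:ESTABLISHED
all udp 10.0.0.23:53000 -> 192.0.2.53:53       SINGLE:NO_TRAFFIC
EOF
}

# Live use would be: pfctl -ss | find_sweepers | while read ip; do
#     pfctl -t infected -T add "$ip"; done
sample_states | find_sweepers
```

Counting distinct destination hosts rather than raw states keeps a client with many connections to one file server from being flagged.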
