Date: Sat, 10 Oct 2009 08:12:38 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Svante Kvarnstrom <sjk@ankeborg.nu> Cc: freebsd-questions@freebsd.org Subject: Re: Security blocking question Message-ID: <4AD033E6.9090600@infracaninophile.co.uk> In-Reply-To: <D45A64E1-88B2-4EEB-9B9E-08FE4AF5D55A@ankeborg.nu> References: <526808.11391.qm@web56207.mail.re3.yahoo.com> <4ACFB17A.1080400@infracaninophile.co.uk> <D45A64E1-88B2-4EEB-9B9E-08FE4AF5D55A@ankeborg.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig7A3D24CF0456EA442CB4BA29 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Svante Kvarnstrom wrote: >=20 > On Oct 9, 2009, at 11:56 PM, Matthew Seaman wrote: >=20 >> plus you'll need to add a cron job to clear old entries out of the=20 >> ssh-bruteforce >> table after a suitable amount of time has passed. Use expiretable to = do >> that. > I believe that security/expiretable is superfluous nowadays since pfctl= =20 > supports the -T expire directive. Yes -- that is true. Seems '-T expire' works in 7-STABLE and 7.1-RELEASE= , 7.2-RELEASE -- not sure about older versions though. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enig7A3D24CF0456EA442CB4BA29 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAkrQM/AACgkQ8Mjk52CukIyuZgCbB39JHuASNLxRSzltzu4jSUJl N04AnjkiCILvN1XN1Gy/pDfXdo4PwFfc =BCdo -----END PGP SIGNATURE----- --------------enig7A3D24CF0456EA442CB4BA29--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AD033E6.9090600>