Date: Sat, 10 Oct 2009 08:12:38 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Svante Kvarnstrom <sjk@ankeborg.nu> Cc: freebsd-questions@freebsd.org Subject: Re: Security blocking question Message-ID: <4AD033E6.9090600@infracaninophile.co.uk> In-Reply-To: <D45A64E1-88B2-4EEB-9B9E-08FE4AF5D55A@ankeborg.nu> References: <526808.11391.qm@web56207.mail.re3.yahoo.com> <4ACFB17A.1080400@infracaninophile.co.uk> <D45A64E1-88B2-4EEB-9B9E-08FE4AF5D55A@ankeborg.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7A3D24CF0456EA442CB4BA29
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Svante Kvarnstrom wrote:
>=20
> On Oct 9, 2009, at 11:56 PM, Matthew Seaman wrote:
>=20
>> plus you'll need to add a cron job to clear old entries out of the=20
>> ssh-bruteforce
>> table after a suitable amount of time has passed. Use expiretable to =
do
>> that.
> I believe that security/expiretable is superfluous nowadays since pfctl=
=20
> supports the -T expire directive.
Yes -- that is true. Seems '-T expire' works in 7-STABLE and 7.1-RELEASE=
,
7.2-RELEASE -- not sure about older versions though.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
--------------enig7A3D24CF0456EA442CB4BA29
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREIAAYFAkrQM/AACgkQ8Mjk52CukIyuZgCbB39JHuASNLxRSzltzu4jSUJl
N04AnjkiCILvN1XN1Gy/pDfXdo4PwFfc
=BCdo
-----END PGP SIGNATURE-----
--------------enig7A3D24CF0456EA442CB4BA29--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AD033E6.9090600>