Date: Thu, 5 Oct 2017 11:25:14 +1100 (EST) From: Dave Horsfall <dave@horsfall.org> To: FreeBSD PF List <freebsd-pf@freebsd.org> Subject: Re: Rate-limiting in PF Message-ID: <alpine.BSF.2.21.1710051116480.73049@aneurin.horsfall.org> In-Reply-To: <3dc9c2a9-ae68-1e56-d2b1-12530772690f@unsane.co.uk> References: <alpine.BSF.2.21.1710010949380.73049@aneurin.horsfall.org> <alpine.BSF.2.21.1710050853400.73049@aneurin.horsfall.org> <3dc9c2a9-ae68-1e56-d2b1-12530772690f@unsane.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 5 Oct 2017, Vincent Hoffman-Kazlauskas wrote: > What rules do you have that act on that table? ie do you have a block > rule like > > block drop quick from <woodpeckers> to any? Ah; I forgot to show that bit: # block in log quick on $ext_if from <woodpeckers> block in quick on $ext_if from <woodpeckers> The "drop" is implied, AFAIK. > is anything added to the table (pfctl -t woodpeckers -T show) I have lots of them because I've been adding them by hand, but this time I'll hold back and observe, just to be sure. > If there is dont forget to expire them after a while unless you want > them permanently banned, a cron with something like "pfctl -t > woodpeckers -T expire 3600" iirc I never expire spammers; I'd prefer that they expired instead :-) Once a Pee-Cee has been 0wn3d, it tends to stay that way because the former owner is too stupid to realise it. After all, there are two sorts of Windoze boxes: those that are compromised, and those that soon will be... -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.21.1710051116480.73049>