> On Jun 15, 2012, at 12:55 PM, Shiv. Nath wrote:
>
>> # START
>> table bruteforce persist
>> block in log quick from bruteforce
>>
>> pass in on $ext_if proto tcp \
>> from any to $ext_if port $trusted_tcp_ports \
>> flags S/SA keep state \
>> (max-src-conn-rate 3/300, overload bruteforce flush global)
>>
>> # END
>>
>> AND CRON:
>> */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null 2>&1
>>
>> What is the function of "expire 604800"? Are they entries in the table?
>> Should it be -t bruteforce or -t ssh-bruteforce?
>
>
> It refers to entries in the table specified by the "-t" option and
> instructs pf to expire (remove from the table) all entries older than the
> specified time (in seconds). Basically, the value 604800 will expire
> entries older than 1 week.
>
> For the above pf rules, the cron entry should be "-t bruteforce" (although
> in the pf rules you should be using "<bruteforce>").
>
> Cheers,
>
> Paul.
>
> _______________________________________________
> freebsd-stable@free... mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@free..."

Dear Metthew & Paul,
Thank you very much for your time, efforts and energy to help me
configure PF. Metthew also advised to create white, so that I do not
lock myself. I have yet to look at it.
I will get in touch if I require more help. Thanks
Regards
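The ruleset from the thread with Paul's two corrections applied (angle brackets around the table name, and the same table name in the cron job), plus the whitelist mentioned in the last reply. This is an added example, not part of the original messages; the interface name, port list, whitelist table name and address are assumptions.

```conf
# /etc/pf.conf (added example; macro values below are assumptions)
ext_if = "em0"                    # assumed external interface
trusted_tcp_ports = "{ 22 }"      # assumed port list

# Table names are always written in angle brackets inside pf.conf.
table <bruteforce> persist
# Hypothetical whitelist; 192.0.2.10 is a constructed documentation address.
table <whitelist> const { 192.0.2.10 }

# Whitelisted sources are passed first with "quick", so they never reach
# the block rule or the rate-limited rule and cannot be locked out.
pass in quick on $ext_if proto tcp \
    from <whitelist> to $ext_if port $trusted_tcp_ports \
    flags S/SA keep state

# Drop everything from sources that were placed in the table earlier.
block in log quick from <bruteforce>

# More than 3 new connections in 300 seconds from one source adds that
# source to <bruteforce> and flushes all of its existing states.
pass in on $ext_if proto tcp \
    from any to $ext_if port $trusted_tcp_ports \
    flags S/SA keep state \
    (max-src-conn-rate 3/300, overload <bruteforce> flush global)

# root crontab entry (separate file, no angle brackets on the command line).
# The -t name must match the table above; 604800 seconds = 7 days.
# */12 * * * * /sbin/pfctl -t bruteforce -T expire 604800 >/dev/null 2>&1
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -t bruteforce -T show` lists the addresses currently in the table.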