Posted by Daffy on 26th March 2011

Everything seems to work perfectly now. I modified my pf.conf file even more, mainly the "max-src-conn" and "max-src-conn-rate" numbers, to get the desired results, but I ran into another question.

I blocked an attacker with the IP 77.xx.xx.x and I saw the IP in the bruteforce table with
Code:
>sudo pfctl -t bruteforce -T show
 77.xx.xx.x
When I changed the max-src-conn-rate and reloaded my pf.conf with
Code:
>sudo pfctl -f /etc/pf.conf
I decided to check the bruteforce table again and it was empty. Does the table reset every time I reload my pf.conf file or if I restart my PC? Why is this happening? I mean the table is persisted (therefore it can be updated) but at the same time I have created a file which contains the table logs with
Code:
table <bruteforce> persist file "/etc/bruteforce"
[edit]:
For anyone else having trouble figuring this out (if my way is wrong, please correct me):

I found the way to save entries with
Code:
sudo pfctl -t bruteforce -T show >/etc/bruteforce
but I was getting the error
Code:
ksh: cannot create /etc/bruteforce: Permission denied
So with
Code:
sudo chmod g+w bruteforce
I changed permissions and now entries are saved!


I hope not so bad for a complete newbie.

Last edited by Daffy; 26th March 2011 at 11:29 PM.
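An added example, not part of the original post: in `sudo pfctl ... >/etc/bruteforce` the redirection is opened by the unprivileged shell before sudo runs, which is where the "Permission denied" comes from. The sketch below does the write as root instead, so /etc/bruteforce can stay writable by root only, and it replaces the file atomically. The helper name `save_table` and the script name in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. save_table is a hypothetical helper.
# Run the script as root (e.g. "sudo sh save-table.sh bruteforce /etc/bruteforce")
# so the file is written with root's privileges, not by the caller's shell.

# save_table DEST: read "pfctl -t <table> -T show" output on stdin and
# replace DEST atomically with the entries, one per line, mode 0600.
save_table() {
    dest=$1
    dir=$(dirname "$dest")
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "$dir/.pftable.XXXXXX") || return 1
    chmod 600 "$tmp"
    # pfctl indents each entry: trim whitespace, then keep only tokens made of
    # address characters with an optional /prefix (a loose syntactic filter).
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -E '^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$' > "$tmp" ||
        [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }   # grep status 1 = empty table
    mv "$tmp" "$dest"
}

# Stand-alone use: <script> TABLE FILE
if [ "$#" -eq 2 ]; then
    # Capture first: if pfctl fails, the saved file is left untouched.
    dump=$(pfctl -t "$1" -T show) || exit 1
    printf '%s\n' "$dump" | save_table "$2"
fi
```

Because the table is declared with `file "/etc/bruteforce"`, the saved entries are what pf reads back into the table when the ruleset is loaded.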