<tables>
Thanks for the reply Chris;
I can duplicate what happened and I find it odd to say the least. This is what I did to replicate the table emptying for some reason unknown to me:
Added an IP range to <ssh-violations>:
pfctl -t ssh-violations -T add 62.141.48.0/20
Ran:
pfctl -t ssh-violations -T show --- IP range is there
- Commented out <ssh-violations> rule eg:
# Tables: similar to macros, but more flexible for many addresses.
table <rfc1918> const { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
table <garbage> persist file "/etc/pf.garbage.txt"
table <whitelist> persist file "/etc/pf.whitelist.txt"
table <ssh-violations> persist file "/etc/ssh-violations.txt"
block in all
block drop in quick from <rfc1918> to any
block drop in quick from <garbage> to any
#block drop in quick from <ssh-violations> to any
pass in all
Tested:
pfctl -vvv -f /etc/pf.conf ; sleep 90 ; pfctl -vvv -f /etc/pf.conf.open
Loaded:
pfctl -vvv -f /etc/pf.conf
Ran:
pfctl -t ssh-violations -T show --- table is empty!!!!
Uncomment <ssh-violations>:
block in all
block drop in quick from <rfc1918> to any
block drop in quick from <garbage> to any
block drop in quick from <ssh-violations> to any
pass in all
Ran, test, loaded and "pfctl -t ssh-violations -T show", table is empty.
|