Old 10th January 2010
There0

I received a reply from Peter Hansteen himself, which follows. I believe (as stated earlier) the "Block rules do not create state" is the problem on this.

Ah, so you want to block access to ssh and then for good measure add
those who try anyway to a table? There is no support for that in the
current PF syntax, sorry. Block rules do not create state.

One possible way to do what you're asking about would be to read the
pflog and extract the IP addresses from there for further processing.

The other option is to go with a pass rule with suitably restrictive
overload criteria.

- Peter
I asked him for any suggestions or tips about parsing pflog and extracting IPs, and whether there was a way to put them into a table or whatever was possible; awaiting a response on that question.
The more you learn, the more you realize how little you know ....
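Added example, not part of the original post or of Peter Hansteen's reply: one way to do the pflog extraction he suggests, pulling the source addresses of blocked ssh attempts out of tcpdump's text rendering of pflog. It assumes the block rule carries `log`, the OpenBSD `tcpdump -n -e -ttt` line format, and IPv4 only; the sample lines are constructed and the table name `ssh_offenders` is hypothetical.

```shell
#!/bin/sh
# Constructed sample in the text format printed by
#   tcpdump -n -e -ttt -r /var/log/pflog
# (assumed format; addresses are documentation ranges).
sample_pflog() {
    cat <<'EOF'
Jan 10 03:12:01.100000 rule 3/(match) block in on em0: 203.0.113.5.51234 > 192.0.2.10.22: S 1:1(0) win 16384
Jan 10 03:12:04.200000 rule 3/(match) block in on em0: 203.0.113.5.51235 > 192.0.2.10.22: S 2:2(0) win 16384
Jan 10 03:13:10.300000 rule 3/(match) block in on em0: 198.51.100.7.40000 > 192.0.2.10.22: S 3:3(0) win 16384
Jan 10 03:14:00.400000 rule 3/(match) block in on em0: 203.0.113.9.40001 > 192.0.2.10.23: S 4:4(0) win 16384
Jan 10 03:15:00.500000 rule 5/(match) pass in on em0: 192.0.2.77.5555 > 192.0.2.10.22: S 5:5(0) win 16384
Jan 10 03:16:00.600000 rule 3/(match) block in on em0: 203.0.113.22.1234 > 192.0.2.10.80: S 6:6(0) win 16384
Jan 10 03:17:00.700000 rule 3/(match) block in on em0: 203.0.113.30.1234 > 192.0.2.10.2222: S 7:7(0) win 16384
EOF
}

# Read pflog text on stdin, print each source IPv4 address that was
# blocked while connecting to port 22, once per address.
extract_blocked_ssh() {
    awk '
    / block in on / {
        # Locate the ">" between "src.port" and "dst.port:".
        for (i = 1; i <= NF; i++) if ($i == ">") break
        if (i >= NF) next               # no ">" or nothing after it
        src = $(i - 1); dst = $(i + 1)
        sub(/:$/, "", dst)              # drop trailing colon
        if (dst !~ /\.22$/) next        # port is the part after the last dot
        sub(/\.[0-9]+$/, "", src)       # strip the source port
        # Only emit strict dotted quads, so nothing else from a log
        # line can reach the pfctl command line.
        if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[src]++)
            print src
    }'
}

# On the firewall (ssh_offenders is a hypothetical table name):
#   tcpdump -n -e -ttt -r /var/log/pflog | extract_blocked_ssh \
#       | xargs pfctl -t ssh_offenders -T add
sample_pflog | extract_blocked_ssh
```

The destination check is applied to the port suffix only, so a source address ending in `.22` or a destination port such as 2222 is not picked up.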