#5
Old 3rd February 2009
ijk
Fdisk Soldier
 
Join Date: Jun 2008
Posts: 47
two lists

Thank you for the help.

Thinking aloud here.

In my pf.conf I have:
Code:
table <brute> persist file "/pathto/brutelist"
I also run the below cron job every hour:
Code:
/sbin/pfctl -t brute -T show >> /pathto/brutelist
If I delete the file brutelist, say every 3 days, does the above cron job recreate the persist file? I think probably not, but want to clarify.

The command below
Code:
/sbin/pfctl -t brute -T replace -f /path/to/brutelist
will replace the in-memory table contents with the file data.
I want the IP addresses in the table memory to stay effective, as these will be from the most recent attacks. All I want to do is flush all data in the persist file and remove it from the table memory as well, but leave the recent table memory untouched.
Is this possible?


Also, do I really need a persist file? Say I could just run
Code:
pfctl -t brute -T expire 86400
and expire the tables every 24 hours. Is there any real advantage with a persist file apart from being able to see the IP addresses trying to brute-force their way in?
__________________
Freebsd 7 64 bit apache2.2 php5 mysql5
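An added example, not part of the original post: the hourly `>>` append writes every address still in the table into the file again, so the persist file fills with duplicates. The sketch below merges a table dump into the persist file with de-duplication and an atomic rename, and it creates the file if it was deleted. The function names and sample addresses are constructed for illustration, and it assumes `pfctl -T show` prints one address per line with leading whitespace.

```shell
#!/bin/sh
# merge_table_dump DUMP PERSIST   (hypothetical helper name)
# Merge one saved `pfctl -t brute -T show` dump into the persist file.
# Comments, blank lines and surrounding whitespace are stripped, duplicates
# are dropped, and the result is renamed into place so pf never loads a
# half-written file. A missing persist file is treated as empty.
merge_table_dump() {
    dump=$1
    persist=$2
    tmp=$(mktemp "${persist}.XXXXXX") || return 1
    {
        [ -f "$persist" ] && cat "$persist"
        cat "$dump"
    } | sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' \
      | sort -u > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$persist"
}

# Hourly cron usage (needs root and a running pf; paths as in the post):
#   /sbin/pfctl -t brute -T show > /tmp/brute.dump &&
#       merge_table_dump /tmp/brute.dump /pathto/brutelist

# Offline demonstration with constructed dumps (documentation address ranges).
# Prints the number of lines left in the persist file after three merges.
demo_merge() {
    d=$(mktemp -d) || return 1
    printf '   192.0.2.10\n   198.51.100.7\n' > "$d/hour1"   # first hourly dump
    printf '   192.0.2.10\n   203.0.113.5\n'  > "$d/hour2"   # one repeat, one new
    merge_table_dump "$d/hour1" "$d/brutelist" &&
    merge_table_dump "$d/hour2" "$d/brutelist" &&
    merge_table_dump "$d/hour2" "$d/brutelist" &&             # same dump merged again
    wc -l < "$d/brutelist" | tr -d ' '
    rm -rf "$d"
}

demo_merge
```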