You don't really need the file on disk. The only reason you would want that is the reason why I dump the table contents to disk every hour: in case of a crash or a reboot, I use the persist file to re-populate the table (so, at boot-time, I run something like '/sbin/pfctl -t brute -T replace -f /path/to/brutelist', which will populate the table with the entries of the last backup).
Having a file on disk is not a necessity if you don't mind starting with an empty table after a reboot.
Mind: using 'expire 86400' will clear the entries that are > 24h old. All entries that are < 24h will remain untouched. You will normally run that command every hour, not once a day.
Last edited by DutchDaemon; 3rd February 2009 at 01:46 PM.