I recieved a reply from Peter Hansteen himself
which follows, I believe (as stated earlier) the "Block rules do not create state" is the problem on this.
Quote:
Ah, so you want to block access to ssh and then for good measure add
those who try anyway to a table? There is no support for that in the
current PF syntax, sorry. Block rules do not create state.
One possible way to do what you're asking about would be to read the
pflog and extract the IP addresses from there for further processing.
The other option is to go with a pass rule with suitably restrictive
overload criteria.
- Peter
|
I asked him for any suggestions or tips about parsing pflog and extracting IP's and if there was a way to put them into a table or whatever was possible, awaiting a reponse on that question.