I use a very basic pf.conf on a web server to drop known problem IPs
pf.conf:
# Tables: similar to macros, but more flexible for many addresses.
table <rfc1918> const { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
table <garbage> persist file "/etc/pf.garbage.txt"
table <whitelist> persist file "/etc/pf.whitelist.txt"
table <ssh-violations> persist file "/etc/ssh-violations.txt"
block in all
block drop in quick from <rfc1918> to any
block drop in quick from <garbage> to any
block drop in quick from <ssh-violations> to any
pass in all
The <garbage> table had thousands of IPs in it before the rule "block drop in quick from <garbage> to any" was commented out while tracking down a problem. Pf.conf was tested and reloaded using:
pfctl -vvv -f /etc/pf.conf ; sleep 90 ; pfctl -vvv -f /etc/pf.conf.open
pfctl -vvv -f /etc/pf.conf
The problem had nothing to do with any IP in the <garbage> table and the rule was re-enabled. Now when I use "pfctl -t garbage -T show" the table is empty.
pfctl -sa -r -vvv | less - loaded rules with line numbers
Is this normal or am I missing something?
Thanks
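Before reloading a ruleset, a practitioner would want to know which table entries exist only in the kernel and not in the file named on the table's `persist file` line, since the table is rebuilt from that file when pfctl loads the ruleset. As an added example (not code from the post), this Python snippet diffs a constructed `pfctl -t garbage -T show` dump against a constructed copy of the backing file:

```python
import ipaddress

# Constructed sample: what `pfctl -t garbage -T show` printed before the reload
LIVE_TABLE_DUMP = """\
   203.0.113.7
   198.51.100.0/24
   192.0.2.44
"""

# Constructed sample: contents of the table's backing file (/etc/pf.garbage.txt)
TABLE_FILE = """\
# addresses blocked by hand
203.0.113.7
192.0.2.44/32
"""


def parse_table(text):
    """Return the set of networks listed in a pf table dump or table file.

    Comments, blank lines and indentation are ignored. A bare host and its
    /32 (or /128) form compare equal because both parse to a one-address
    network, which is how pf treats them as well.
    """
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.add(ipaddress.ip_network(entry, strict=False))
    return nets


def entries_only_in_kernel(live_dump, file_text):
    """Entries in the running table that the backing file does not contain.

    These are the ones a `pfctl -f /etc/pf.conf` reload would not recreate,
    so they should be written to the file first if they are meant to stay.
    """
    missing = parse_table(live_dump) - parse_table(file_text)
    ordered = sorted(missing, key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return [str(n) for n in ordered]


if __name__ == "__main__":
    for net in entries_only_in_kernel(LIVE_TABLE_DUMP, TABLE_FILE):
        print(f"not in backing file, would be lost on reload: {net}")
```

On a live host the two inputs would come from `pfctl -t garbage -T show` and the file itself; the check is worth running before any `pfctl -f` of a ruleset that defines the table.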