Hello again everybody,

With the overload option in PF it's possible to block connections from
hosts which break my FW rules, e.g. too many connections in n minutes.
'overload' will include the IP in a table and flush every connection
created by this IP.

I would like to know if there's any timing option for how long an IP should
be banned. From my experience with bot networks I know that most
bots infect computers which have a dynamic IP.
So if a bot-infected computer or a "bad guy" tries e.g. to DDoS a
web server using HTTP GET or SYN, the IP of the "bad guy" will be added to
the table and blocked. But because most IPs on the internet are
"dynamic", it would also affect other people who get an IP which was in use by
an attacker.

I found (while reading the pf manual) no option which specifies how long
such IPs should be banned.
For now I use a cron job to flush this table and remove every entry, e.g.
once each hour.

The cron job itself is just a workaround for me, so I'd like to ask if it's
possible to enable a timer-like mechanism for such IPs so that every IP
will be blocked for at least e.g. 1 hour or n minutes?

If such a mechanism exists, please advise me, because I didn't find it until
now and the cron job solution itself isn't the best solution at all. :-/

Kind regards,
Sebastian
-- 
Don't buy anything from YeongYang.
Their computer cases are expensive, their WTX power supplies start burning and
their support refuses any RMA even when there's still some warranty.
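An added example, not from Sebastian's mail, of the usual way to give overload-table entries a lifetime: pf records for each table entry only when it was added (or its counters were last cleared), so the expiry is done from cron with `pfctl -T expire`, which removes only entries older than the given number of seconds instead of flushing the whole table. The interface name, table name, ports and thresholds are assumptions.

```pf
# /etc/pf.conf (assumed names: em0, <bruteforce>; assumed thresholds)
ext_if = "em0"

# persist: keep the table even if no rule references it after a reload
table <bruteforce> persist

block in quick on $ext_if from <bruteforce>

# A source exceeding 20 concurrent connections, or 15 new connections
# within 5 seconds, is added to <bruteforce>; "flush global" removes
# all of that source's existing states, not only those from this rule.
pass in on $ext_if proto tcp to $ext_if port { 80 443 } \
    flags S/SA keep state \
    (max-src-conn 20, max-src-conn-rate 15/5, \
     overload <bruteforce> flush global)

# crontab entry, run every 5 minutes: delete only entries older than
# 3600 seconds, so a fresh entry stays blocked for at least one hour
# (and at most 65 minutes) instead of the whole table being flushed.
# */5 * * * * /sbin/pfctl -t bruteforce -T expire 3600
```

An address re-added after expiry gets a fresh timestamp, so a still-active attacker is blocked again for the full period while a dynamic IP that has moved to another user is released after one hour.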
