Hi >From time to time I have some attacks to my SIP PBX. I like to block them on my OpenBSD box which stands in front of it. The problem I'm facing is that the attackers IP has already a state in the state table and the block rule I insert simply does nothing.
In the state table I see the following: all udp my_ip:5060 <- attacker_ip:5231 MULTIPLE:MULTIPLE all udp attacker_ip:5231 -> my_ip:5060 MULTIPLE:MULTIPLE in /etc/pf.conf at the top I have the following table <badguys> {attacker_ip} block out quick to {<badguys>} block in quick from {<badguys>} After clearing all states with pfctl -F states the connection is blocked. Is there a way to: - clear a single state? - to block a packet even with a established state ? Regards Matthias -- Matthias Cramer, Erachfeldstrasse 1b, CH-8180 Bülach http://www.freestone.net GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]