Look in 'man pfctl' and search for killing active sessions.

On Thu, Feb 7, 2013 at 12:13 PM, Martijn van Duren <martijn...@gmail.com> wrote:
> Hello misc,
>
> Today I watched the current connections on my small home server and I
> noticed an unfamiliar ftp-connection. Upon inspecting the connection I
> noticed it was a brute force attack, so I fired up my pfctl-utility and
> tried to block the attack by adding the ip to my quick drop table.
> After adding the ip to the table I noticed that the connection was still
> happily active and even reloading my entire ruleset with pfctl
> -f /etc/pf.conf didn't help, so I resorted to tcpdrop.
>
> My question is, is it possible to destroy an active connection by
> something like adding an ip to a drop quick table (did I miss a certain
> flag?) or do I, in an event that something like this happens again,
> always have to perform a two stage drop?
>
> Sincerely,
>
> Martijn
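
The two steps discussed in this thread, combined into one shell function (an added example, not part of either message): pf keeps passing packets that match an existing state without re-evaluating the ruleset, so the table entry only stops new connections and the states have to be killed separately with `pfctl -k`. The table name `blocklist` and the `PFCTL`/`PF_TABLE` variables are assumptions; the function handles IPv4 addresses only.

```sh
#!/bin/sh
# Added example: add an address to a pf table and kill its existing states.
# Assumptions: "blocklist" is a hypothetical table name used by a
# "block drop quick from <blocklist>" rule; PFCTL can be overridden for a dry run.
PFCTL="${PFCTL:-pfctl}"
PF_TABLE="${PF_TABLE:-blocklist}"

# Accept only a dotted-quad IPv4 literal so nothing else reaches pfctl's arguments.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage (as root): block_and_kill 203.0.113.7
block_and_kill() {
    ip="$1"
    is_ipv4 "$ip" || { echo "refusing: '$ip' is not an IPv4 address" >&2; return 2; }

    # 1. New connections: the table lookup in the block rule now matches.
    $PFCTL -t "$PF_TABLE" -T add "$ip" || return 1
    # 2. Existing states originating from the address (the inbound session).
    $PFCTL -k "$ip" || return 1
    # 3. Existing states destined to the address (connections opened towards it).
    $PFCTL -k 0.0.0.0/0 -k "$ip" || return 1
}
```

Setting `PFCTL=echo` before calling the function prints the three commands without touching the firewall.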