On Tue, Jul 09, 2019 at 11:03:36AM -0700, Thomas Smith wrote: > Hi, > > I'm considering an option to evaluate connecting IPs before they're evaluated > by `pf` in order to make some decisions about the "reputation" of a > connecting IP. Then if that reputation is low enough, some action could > either be taken: in `pf` to protect the associated application (say by > blocking the connection); or in the app responsible for the listening port.
That's what tables are for, usually, but you don't have a hook to decide beforehand... afaik