On Thu, Aug 27, 2009 at 4:59 PM, Ivan Radovanovic<riv...@gmail.com> wrote:
> Thanks for your response. If I understand you correctly pf kernel module
> actually supports operating with tables based on positive conditions (ie not
> only when rule is broken, but also when rule is true), and the way to define
> rules of that kind is using directly some of IOCTLs documented in pf(4)?
> Please confirm if that is true, since I couldn't find that kind of
> functionality with pfctl(8) (I tried making conditions with
> max-src-conn-rate set to 0 with idea that making one connection will break
> this rule so I could add ip in table that way, but pfctl(8) is too smart to
> accept rules with max-src-conn-rate set to 0)
There is no need to write any C code with pf(4) ioctls. A simple pf.conf should get you what you want. What do you mean by max-src-conn-rate set to zero? I think you are needlessly complicating things. If your goal is to send resets, then you can always do them with pf in a much more straightforward manner.

set block-policy return <bad-guys>

Try to keep things simple.

-Girish

--
Gayatri Hitech web: http://gayatri-hitech.com
SpamCheetah Spam filter: http://spam-cheetah.com
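For readers following the thread, here is a complete pf.conf that does what Girish is pointing at with plain pfctl(8) syntax and no ioctl code: a persistent table, a block rule that answers table members with a reset, and a pass rule whose overload clause fills the table when a source exceeds a connection rate. This is an added example, not a configuration posted by either participant; the interface name em0, the SSH port, and the 3-connections-per-10-seconds rate are assumptions to be adjusted for the host.

```conf
# Added example (not from the thread). Interface, port and rate are assumed.
ext_if = "em0"

# Answer blocked TCP with RST (and other protocols with ICMP unreachable)
# instead of silently dropping, which is what "send reset" needs.
set block-policy return

# Table of offending sources. "persist" keeps the table alive even when no
# rule references it, so "pfctl -t bad-guys -T add/delete" works at any time.
table <bad-guys> persist

# Anything already in the table is rejected; "quick" stops rule evaluation
# here so the pass rule below never sees these sources.
block in quick on $ext_if from <bad-guys>

# Accept SSH, but track each source: a host opening more than 3 connections
# in 10 seconds is added to <bad-guys> and all of its existing states are
# torn down ("flush global"). The rate must be at least 1/1; pfctl refuses 0,
# which is why a "positive condition" cannot be expressed as a zero rate.
pass in on $ext_if proto tcp to port 22 \
    flags S/SA keep state \
    (max-src-conn-rate 3/10, overload <bad-guys> flush global)
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and inspect or age the table afterwards with `pfctl -t bad-guys -T show` and `pfctl -t bad-guys -T expire 3600` (seconds since the entry was added). Two caveats worth keeping in mind: max-src-conn-rate only counts connections on stateful TCP rules, so UDP traffic needs a different control, and `block-policy return` makes the filter visibly answer every blocked probe, which is the intended behaviour here but is noisier than the default drop.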