Daniel Hartmeier wrote:
The timestamp is reset when you flush and reload the table with
# pfctl -t bruteforce -Ts >/etc/bruteforce
# pfctl -t bruteforce -Tf
# pfctl -t bruteforce -Ta -f /etc/bruteforce
Hmm, that't bad that there is no way to clear address stats without
flushing the table. Actually, there is a function in the kernel and
pfctl library (pfr_clr_astats) - We just forgot to implement it in
the pfctl tool. If nobody beats me, I'll look into doing that, as it
is probably a very short patch.
It should by possible to do:
/* clear two address */
# pfctl -t bruteforce -T? 1.2.3.4 5.6.7.8
/* clear all */
# pfctl -t bruteforce -Ts | pfctl -t bruteforce -T? -f -
I guess the hardest part would be to find a suitable word/letter
for '?'... suggestion?
Cedric
