Re: Restore pf tables metadata after a reboot

2020-06-04 Thread Brian Brombacher
No reason to expire ssh brute force. They will never stop. Manual flush if someone accidentally locked themselves out. Just my two cents :) > On Jun 4, 2020, at 12:48 AM, Anatoli wrote: > >  >> >> Even then it seems that some of them turn up again pretty much >> instantly after expiry. >

Re: Restore pf tables metadata after a reboot

2020-06-04 Thread Anatoli
> Even then it seems that some of them turn up again pretty much > instantly after expiry. You could update the expire time on each new connection/port scan attempt. This way you could put say 4 days expire time and block these IPs on all ports on all your systems and new connection attempts

Re: Restore pf tables metadata after a reboot

2020-05-30 Thread Peter Nicolai Mathias Hansteen
> 30. mai 2020 kl. 11:54 skrev Walter Alejandro Iglesias : > > The problem is most system administrators out there do very little. If > you were getting spam or attacks from some IP, even if you report the > issue to the respective whois abuse@ address, chances are attacks from > that IP won't

Re: Restore pf tables metadata after a reboot

2020-05-30 Thread Walter Alejandro Iglesias
In article Peter Nicolai Mathias Hansteen wrote: > It is a possibly desirable feature, but I an not aware whether any of the > currently capable developers are considering putting in the work to implement > it. > Let me finish the idea, not with the intention to pressure developers asking

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Peter Nicolai Mathias Hansteen
> 29. mai 2020 kl. 19:23 skrev Walter Alejandro Iglesias : > Could you summarize here which part of these articles of yours answer my > original question, please? > > For example, this list you share (linked in your article): > > https://home.nuug.no/~peter/pop3gropers_full.txt > > It would

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Walter Alejandro Iglesias
Hello Peter, In article Peter Nicolai Mathias Hansteen wrote: > > 28. mai 2020 kl. 19:09 skrev Bruno Flueckiger : > > > > > > You can save the list of IPs in a table and reload it after a reboot as > > described here: https://www.bsdhowto.ch/savepftables.html > > > I have a similar setup

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Peter Nicolai Mathias Hansteen
> 28. mai 2020 kl. 19:09 skrev Bruno Flueckiger : > > > You can save the list of IPs in a table and reload it after a reboot as > described here: https://www.bsdhowto.ch/savepftables.html I have a similar setup at bsdly.net , only I dump the tables to file and run expiry

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Bruno Flueckiger
On 29.05., Walter Alejandro Iglesias wrote: > In article <20200528165448.ga22...@flueckiger.lan> Bruno Flueckiger > wrote: > > On 26.05., Walter Alejandro Iglesias wrote: > > > I understand that this command: > > > > > > # pfctl -t spam -T expire > > > > > > Takes in care the "Cleared" date:

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Walter Alejandro Iglesias
In article <20200528165448.ga22...@flueckiger.lan> Bruno Flueckiger wrote: > On 26.05., Walter Alejandro Iglesias wrote: > > I understand that this command: > > > > # pfctl -t spam -T expire > > > > Takes in care the "Cleared" date: > > > > # pfctl -t spam -vT show > > ___.___.22.65 >

Re: Restore pf tables metadata after a reboot

2020-05-28 Thread Bruno Flueckiger
On 26.05., Walter Alejandro Iglesias wrote: > I understand that this command: > > # pfctl -t spam -T expire > > Takes in care the "Cleared" date: > > # pfctl -t spam -vT show > ___.___.22.65 > Cleared: Mon May 25 16:10:22 2020 > ___.___.167.62 > Cleared:

Re: Restore pf tables metadata after a reboot

2020-05-26 Thread Walter Alejandro Iglesias
On Tue, May 26, 2020 at 11:25:21PM +0200, Anders Andersson wrote: > On Tue, May 26, 2020 at 2:14 PM Walter Alejandro Iglesias > wrote: > > > > I understand that this command: > > > > # pfctl -t spam -T expire > > > > Takes in care the "Cleared" date: > > > > # pfctl -t spam -vT show > >

Re: Restore pf tables metadata after a reboot

2020-05-26 Thread Anders Andersson
On Tue, May 26, 2020 at 2:14 PM Walter Alejandro Iglesias wrote: > > I understand that this command: > > # pfctl -t spam -T expire > > Takes in care the "Cleared" date: > > # pfctl -t spam -vT show > ___.___.22.65 > Cleared: Mon May 25 16:10:22 2020 > ___.___.167.62 >

Restore pf tables metadata after a reboot

2020-05-26 Thread Walter Alejandro Iglesias
I understand that this command: # pfctl -t spam -T expire Takes in care the "Cleared" date: # pfctl -t spam -vT show ___.___.22.65 Cleared: Mon May 25 16:10:22 2020 ___.___.167.62 Cleared: Mon May 25 16:10:22 2020 [...] Is there a way to save and