From: Sam Nilsson
Date: Wed, 09 Nov 2005 00:31:56 -0800
To: Dave
Cc: freebsd-questions@freebsd.org
Subject: Re: bruteforce not restarting pf?
Message-ID: <4371B3FC.5090109@servingpeace.com>
In-Reply-To: <004c01c5e486$23d5c550$0900a8c0@satellite>

Dave wrote:
> Checking my bruteforce table; I see 163.13.111.172/32 in it, so it was
> added, but I don't get why future connections were permitted unless pf
> was not restarted or informed about the updated table.

Which table are you checking? The in-memory table that pf uses or the on-disk table? Are you saying that the IP is inserted into the text file but that it doesn't get added to the firewall?

The way my setup works, bruteforceblocker.pl updates the text file *and* runs pfctl to update the firewall since, AFAIK, the firewall doesn't watch the text file for changes.

Make sure that you edit the settings in the bruteforceblocker.pl script itself. For instance, if your firewall table (the one in memory) isn't getting updated, make sure that you have the $pfctl variable set up correctly.

- Sam
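
Added example, not part of Sam's message: a shell check for the case discussed above, where an address is in the on-disk file but pf's in-memory table was never updated. The table name `bruteforce` comes from the thread; the file paths are placeholders and the helper names `normalize` and `missing_from_pf` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): list addresses that are in the
# on-disk table file but missing from a dump of pf's in-memory table.

# normalize FILE
# Strip comments and blank lines, trim whitespace, and drop a trailing /32 so
# "163.13.111.172/32" in the file matches "163.13.111.172" as pfctl prints it.
normalize() {
    sed -e 's/#.*//' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e 's|/32$||' \
        -e '/^$/d' "$1" | sort -u
}

# missing_from_pf FILE DUMP
# FILE is the text file the blocker script writes (on disk).
# DUMP is saved output of "pfctl -t bruteforce -T show" (in memory).
# Prints every entry present in FILE but absent from DUMP.
missing_from_pf() {
    disk=$(mktemp) && mem=$(mktemp) || return 2
    normalize "$1" > "$disk"
    normalize "$2" > "$mem"
    comm -23 "$disk" "$mem"
    rm -f "$disk" "$mem"
}

# On the firewall host, as root (paths are placeholders):
#   pfctl -t bruteforce -T show > /tmp/bruteforce.mem
#   missing_from_pf /path/to/table-file /tmp/bruteforce.mem
# Any output means the file was updated but pf was never told. To load the
# file into the running table:
#   pfctl -t bruteforce -T replace -f /path/to/table-file
```

Empty output means every address in the file is also in the running table, so the blocker's pfctl call is working.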