From owner-freebsd-pf@FreeBSD.ORG Mon Mar 31 19:53:46 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CC89F1065670 for ; Mon, 31 Mar 2008 19:53:46 +0000 (UTC) (envelope-from kian.mohageri@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.176]) by mx1.freebsd.org (Postfix) with ESMTP id 865DF8FC24 for ; Mon, 31 Mar 2008 19:53:46 +0000 (UTC) (envelope-from kian.mohageri@gmail.com) Received: by py-out-1112.google.com with SMTP id u52so2535589pyb.10 for ; Mon, 31 Mar 2008 12:53:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=Kn9tiNj37q64O3cgvKIE+7J2sLPZEsW734AnKJOKWfU=; b=nQEQI6BL9jpc9uRIM9O1kWmTPWK8v4h5m0zhXQWMtwMn6LAPhfFKA1vL4hOXzEeuzEO926BJ6Beb1S1ZKBTvgNtZ1C2uWfZEBz6Lx6SrXQ/xR2jMyOqskIyDXA3RQo4sOGbczxai6eXJi9MfAuoFH6F+feG5MWQsy/ajzYsi+Kk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=YyMK040PR2EPYelFddBN/yR0E1Fw4/ifSHtXIawaV6OH/qZCTl+lBSuF4hEwz80CEty3QicKQPBTwKKmVTe5vYnSuFoNlyVOc6D0ya2G+eX6roq2kDcNALwvVB7dJIat6b51ePNH1KFO7VW6OAEmLN0KgL5HouNsS88qpzIRCVs= Received: by 10.65.73.16 with SMTP id a16mr14535254qbl.85.1206993225153; Mon, 31 Mar 2008 12:53:45 -0700 (PDT) Received: by 10.65.243.15 with HTTP; Mon, 31 Mar 2008 12:53:45 -0700 (PDT) Message-ID: Date: Mon, 31 Mar 2008 12:53:45 -0700 From: "Kian Mohageri" To: "Adam Vondersaar" In-Reply-To: <47F137A2.70400@calarts.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <47F137A2.70400@calarts.edu> Cc: freebsd-pf@freebsd.org Subject: Re: problem with PF tables X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Mar 2008 19:53:46 -0000 On Mon, Mar 31, 2008 at 12:12 PM, Adam Vondersaar wrote: > I have had a production machine running for 6 months now using PF to > block SSH brute force attacks. What seems to happen now is that the > table is not staying open and PF can not add the IP to block. I am > curious if anyone has ran in to such a problem. I am using the > expiretable port to clear the tables with a cron job and here is an > excerpt from the pf.conf: > What versions of everything? What is the expiretable line you're using? What do you mean not "staying open" etc.