From: David Mehler
Date: Mon, 27 Mar 2017 10:37:49 -0400
Subject: Two pf questions
To: freebsd-questions
List-Id: User questions

Hello,

I'm running FreeBSD 10.3 and have two pf questions.

I've got two tables, fail2ban and bruteforce. Every hour I'm dumping the in-memory versions of these tables to disk with something like:

pfctl -t bruteforce -T show >> /etc/pf/bruteforce

The problem is that I'm getting duplicate addresses. The table has fifteen addresses in memory but 75 in the on-disk table; there's no unique sorting. Any ideas on how? I only want unique IPs in the on-disk table, to avoid redundant addresses, and I do not want to zero the table out every hour.

My second question is one of NAT reflection, if that is the term. I've got a jail running a service on port 8000. I've got external redirect rules and pass rules passing in the traffic. The problem is I need to get access to that machine's port 8000 from the host machine. I try something like ssh user@xxx.xxx.xxx.xxx -p 8000 and get an access denied message; the firewall is not permitting the traffic. I need to set up NAT reflection; I've tried googling and some examples, no go so far.

Finally, does anyone have a pf, FreeBSD, and fail2ban 0.9.x setup? I'd like to take a look at your jail setup in fail2ban and compare it with mine. It seems like traffic that should be blocked is not being.

Thanks.
Dave.
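One way to keep the on-disk copy of the table free of duplicates, as an added example that is not part of the original post or of pf itself. Instead of appending the raw `pfctl -T show` output, it merges the live dump with the existing file and rewrites the file as the unique-sorted union, so the file grows only when a new address appears. The function names (merge_table_file, sync_pf_table, count_entries) are hypothetical, and the only assumption about the input is what the question shows: one table entry per line, with the leading whitespace pfctl prints in front of each entry.

```shell
#!/bin/sh
# Added example (not from the original post): keep an on-disk pf table
# file in sync with the in-memory table without duplicate entries.

# merge_table_file MEM_FILE DISK_FILE
#   MEM_FILE:  a saved `pfctl -t <table> -T show` dump (one entry per
#              line; pfctl pads each entry with leading whitespace)
#   DISK_FILE: the persistent list; rewritten with the deduplicated
#              union of both inputs. Created if it does not exist.
merge_table_file() {
    mem="$1"
    disk="$2"
    tmp="${disk}.tmp.$$"
    touch "$disk" || return 1
    # Normalise: strip surrounding whitespace so "   192.0.2.10" and
    # "192.0.2.10" compare equal, drop blank lines, then sort -u.
    cat "$disk" "$mem" \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -v '^$' \
        | sort -u > "$tmp" || { rm -f "$tmp"; return 1; }
    # Atomic replace: a reader never sees a half-written file.
    mv "$tmp" "$disk"
}

# sync_pf_table TABLE DISK_FILE
#   The hourly cron job: dump the live table and merge it into DISK_FILE.
#   Needs pfctl, i.e. root on the pf host; not exercised by the test.
sync_pf_table() {
    table="$1"
    file="$2"
    mem="$(mktemp)" || return 1
    if pfctl -t "$table" -T show > "$mem"; then
        merge_table_file "$mem" "$file"
    fi
    rc=$?
    rm -f "$mem"
    return $rc
}

# count_entries DISK_FILE -- number of (non-blank) entries on disk
count_entries() {
    grep -c . "$1"
}
```

Run it from cron as `sync_pf_table bruteforce /etc/pf/bruteforce`, and run the same merge a second time to confirm the count does not change. To get the saved entries back into the kernel after a reboot, either load the file with `pfctl -t bruteforce -T replace -f /etc/pf/bruteforce` or declare the table in pf.conf as `table <bruteforce> persist file "/etc/pf/bruteforce"` so it is read when the ruleset loads. Note that this file only ever grows: an address that fail2ban later unbans in memory stays in the file until it is removed by hand, which is the trade-off the question asks for when it says the table should not be zeroed every hour.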