⇒ Automatic expiry at timeout for pf(4) overload tables
Network-oriented readers will be familiar with the concept of overload tables, commonly used with state tracking options to create adaptive rulesets for such things as punishing password-guessing botnets.
A downside to tables that would tend to fill up indefinitely is that at some point they will be quite full, and the administrator would need to either manually run pfctl expire or set up a crontab entry to weed out old entries at intervals.
- https://undeadly.org/cgi?action=article;sid=20260513064948
- https://marc.info/?l=openbsd-tech&m=177846164902091&w=2
ping: https://framapiaf.org/@openbsdjournal@mastodon.social/116565993077076112
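The pattern the post describes, as an added illustration that is not part of the original post or of the proposed change: a pf.conf overload table that collects password-guessing sources, and the cron entry an administrator currently needs so the table does not grow without bound (the table name, thresholds and 86400-second age are assumed values chosen for the example).

```pf
# Assumed example pf.conf fragment (not from the original post).
# Offenders are collected in this table; "persist" keeps it even when no rule
# references it, so entries survive a ruleset reload.
table <bruteforce> persist

# Drop traffic from anything already in the table.
block quick from <bruteforce>

# Allow ssh, but put a source into the table once it exceeds
# 15 concurrent connections or 5 new connections within 3 seconds,
# and tear down all its existing states ("flush global").
pass in on egress proto tcp to port ssh \
    keep state (max-src-conn 15, max-src-conn-rate 5/3, \
    overload <bruteforce> flush global)

# Without automatic expiry the table only ever grows, so the workaround
# is a crontab(5) entry that removes entries not touched in the last
# 86400 seconds (one day):
#
#   @daily  /sbin/pfctl -t bruteforce -T expire 86400
```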
That’s an interesting idea, though I’m not sure if it’s relevant.
The question I’m asking myself is: why is it problematic to use the expire option, which is designed for this very purpose? Because sysadmins forget to configure it, which causes the relevant tables to grow?! I think this is more relevant:
seen on: - https://undeadly.org/cgi?action=article;sid=20260513064948
This seems to me a good idea: save, with good information, when rebooting is needed, for instance a "new" rebuilt kernel.