
Re: rdr pass, max-src-conn

On Wed, Sep 07, 2005 at 11:03:35PM +0100, ed wrote:
> Thanks Roy and Daniel for your answers. I have another question now
> (sorry), how can I sync the table <abuse_src> with pfsync? It's great
> that addresses which violate a connection rate limit are stored in a
> table but it would be very nice if this could be carried over both
> hosts, since I hope one of the boxes will be online at any given time
> then the list could be stored indefinitely.
That's not currently possible with pfsync, it only syncs state entries,
nothing else.
You could script it, something like
  host1$ pfctl -t abuse_src -Ts | ssh host2 "pfctl -t abuse_src -Ta -f -"
and similarly the other way around. Make sure invocations don't
overlap. If the tables get large, incremental updates might be required.
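One way to script the two-way sync the reply sketches, with a lock against overlapping runs and incremental updates so only the entries each side is missing get transferred. This is an added example, not code from the original thread; the table name, peer host, lock path and cron schedule are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): two-way, incremental sync of a
# pf table between two firewalls, built on the pfctl | ssh pfctl one-liner.
# Assumed: both hosts run pfctl and can reach each other over ssh as root.
set -eu

TABLE="${TABLE:-abuse_src}"             # pf table to keep in sync
PEER="${PEER:-host2}"                   # ssh destination of the other firewall
LOCK="/var/run/pfsync-${TABLE}.lock"    # directory used as an atomic lock

# Normalise a `pfctl -Ts` dump: strip indentation, drop blanks, sort, dedupe.
normalize() { sed 's/^[[:space:]]*//; /^$/d' | sort -u; }

# Print entries of $2 that are absent from $1 (both already normalised).
# Only these need adding, so a large table costs one small transfer per run.
missing_from() { comm -13 "$1" "$2"; }

# Dump the table on "local" or on an ssh destination.
dump_table() {
    if [ "$1" = local ]; then pfctl -t "$TABLE" -Ts
    else ssh "$1" "pfctl -t $TABLE -Ts"; fi
}

sync_table() {
    # mkdir is atomic, so an overlapping cron run bails out instead of racing.
    mkdir "$LOCK" 2>/dev/null || { echo "sync already running" >&2; return 1; }
    tmp=$(mktemp -d); trap 'rm -rf "$tmp" "$LOCK"' EXIT INT TERM

    dump_table local | normalize > "$tmp/local"
    dump_table "$PEER" | normalize > "$tmp/peer"

    # Pull: add here whatever the peer has that this host lacks.
    missing_from "$tmp/local" "$tmp/peer" > "$tmp/pull"
    [ -s "$tmp/pull" ] && pfctl -t "$TABLE" -Ta -f "$tmp/pull"

    # Push: add to the peer whatever this host has that it lacks.
    missing_from "$tmp/peer" "$tmp/local" > "$tmp/push"
    [ -s "$tmp/push" ] && ssh "$PEER" "pfctl -t $TABLE -Ta -f -" < "$tmp/push"
    return 0
}

# Run from cron on each host, e.g.:  */5 * * * * /usr/local/sbin/sync_table.sh run
if [ "${1:-}" = run ]; then sync_table; fi
```

Entries removed on one side are deliberately not propagated; a sync that only adds never lets one host's empty table wipe the other's blacklist.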