PF Blacklist timer

use the pfctl expire option in crontab like this:

Code:
# pf table cleanup
*/10    *       *       *       *       root    pfctl -t scanner -T expire 864000 > /dev/null 2>&1

"scanner" is my overloaded pf table of addresses out there scanning specific ranges of ports.

pf.conf handles adding and blocking addresses in the scanner table.
 
Back
Top