Gergo Szakal bastyaelvtars at
Tue Jan 23 12:29:31 PST 2007

On Tue, 23 Jan 2007 21:07:08 +0100
Joerg Sonnenberger <joerg at> wrote:

> I don't think that can be done easily. Have you tought about just
> limiting the number of connections for the host/net? See max-src-states.

Well, that is not an option in my case, because I need to get the banned IPs since they are static and I have to make sure no such connections are permitted to go through my firewall until the client machine's disinfection. It is easier for me and more secure.
Thanks for the answer anyway, I'll probably give it a try, it's more than nothing, though I could just play with a script that processes pfctl -si output and executes pfctl -T infected -t add ip, since the destination ports being swept are well-known.

Gergo Szakal <bastyaelvtars at>
University Of Szeged, HU
Faculty Of General Medicine

/* Please do not CC me with replies, thank you. */

More information about the Users mailing list