Expiretable


Expiretable is a utility used to remove entries from a pf table based on their age. In a previous post we showed how to block brute-force attacks using pf. Over time the table we use for this grows, taking up more memory. Also, an IP added to the table may have been dynamically assigned, and the culprit may now be using another IP, so there is little reason to keep the entry indefinitely.
Using expiretable we can remove entries from our bruteforce table which are older than a specified age. The man page shows two examples:
The following removes any entries in table bruteforce older than one hour:


# expiretable -v -t 3600 bruteforce


This example removes any entries in table bruteforce older than one and a half hours:


# expiretable -v -t 1h30m bruteforce


Add the following cron entry:


*/10 * * * * /usr/local/sbin/expiretable -t 3600 bruteforce


and every 10 minutes, entries older than 1 hour will be expired.
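As an added example (not from the original post or the expiretable project), here is a small POSIX sh helper that converts the age notation shown in the two man page examples to seconds and emits the cron entry. It assumes expiretable accepts either bare seconds or d/h/m/s-suffixed units, and it never touches pf itself.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumption: expiretable takes
# a bare number of seconds or units such as 1h30m. Nothing here calls pf.

# to_seconds SPEC -> prints the age in seconds; returns 1 if SPEC is invalid.
to_seconds() {
    spec=$1
    total=0
    case $spec in
        ''|*[!0-9dhms]*) return 1 ;;            # empty or stray characters
        *[dhms]*) ;;                             # unit notation, parse below
        *) printf '%s\n' "$spec"; return 0 ;;    # bare integer is already seconds
    esac
    rest=$spec
    while [ -n "$rest" ]; do
        num=${rest%%[dhms]*}          # digits before the next unit letter
        unit=${rest#"$num"}           # unit letter plus the remainder
        unit=${unit%"${unit#?}"}      # keep only the first character
        rest=${rest#"$num$unit"}
        [ -n "$num" ] && [ -n "$unit" ] || return 1   # e.g. "1h30" or "h"
        num=${num#"${num%%[!0]*}"}; num=${num:-0}     # drop leading zeros (octal)
        case $unit in
            d) total=$((total + num * 86400)) ;;
            h) total=$((total + num * 3600)) ;;
            m) total=$((total + num * 60)) ;;
            s) total=$((total + num)) ;;
        esac
    done
    printf '%s\n' "$total"
}

# cron_line TABLE SPEC -> prints a cron entry that runs expiretable every
# 10 minutes, as in the post, with the age expressed in seconds.
cron_line() {
    secs=$(to_seconds "$2") || { echo "invalid age spec: $2" >&2; return 1; }
    printf '*/10 * * * * /usr/local/sbin/expiretable -t %s %s\n' "$secs" "$1"
}

cron_line bruteforce 1h30m
```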