diff --git a/THANKS b/THANKS
index 9dd2e47c6..7c008c2cb 100644
--- a/THANKS
+++ b/THANKS
@@ -22,6 +22,7 @@ Andrey G. Grozin
 Andy Fragen
 Arturo 'Buanzo' Busleiman
 Axel Thimm
+Balazs Mateffy
 Bas van den Dikkenberg
 Beau Raines
 Bill Heaton
diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf
index 933b4de01..7181ed964 100644
--- a/config/action.d/pf.conf
+++ b/config/action.d/pf.conf
@@ -4,6 +4,7 @@
 #
 # Author: Nick Hilliard <nick@foobar.org>
 # Modified by: Alexander Koeppe making PF work seamless and with IPv4 and IPv6
+# Modified by: Balazs Mateffy adding allproto option so all traffic gets blocked from the malicious source
 #
 #
 
@@ -26,9 +27,11 @@
 #     }
 # to your main pf ruleset, where "namei" are the names of the jails
 # which invoke this action
+# to block all protocols use the pf[protocol=all] option
 actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f-
               port="<port>"; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi
-              echo "<block> proto <protocol> from <<tablename>-<name>> to <actiontype>" | <pfctl> -f-
+              protocol="<protocol>"; if [ "$protocol" != "all" ]; then protocol="proto $protocol"; else protocol=all; fi
+              echo "<block> $protocol from <<tablename>-<name>> to <actiontype>" | <pfctl> -f-
 
 # Option:  start_on_demand - to start action on demand
 # Example: `action=pf[actionstart_on_demand=true]`
@@ -98,6 +101,7 @@ tablename = f2b
 #
 # The action you want pf to take.
 # Probably, you want "block quick", but adjust as needed.
+# If you want to log all blocked use "blog log quick"
 block = block quick
 
 # Option:  protocol