diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf index deb38c09..02fbcd8d 100644 --- a/config/action.d/pf.conf +++ b/config/action.d/pf.conf @@ -15,8 +15,8 @@ # # we don't enable PF automatically; to enable run pfctl -e # or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD) -actionstart = echo "table <<tablename>-<name>> persist counters" | pfctl -f- - echo "block proto <protocol> from <<tablename>-<name>> to <actiontype>" | pfctl -f- +actionstart = echo "table <<tablename>-<name>> persist counters" | pfctl -a f2b/<name> -f- + echo "block proto <protocol> from <<tablename>-<name>> to <actiontype>" | pfctl -a f2b/<name> -f- # Option: start_on_demand - to start action on demand # Example: `action=pf[actionstart_on_demand=true]` @@ -27,16 +27,16 @@ actionstart_on_demand = false # Values: CMD # # we only disable PF rules we've installed prior -actionstop = pfctl -sr 2>/dev/null | grep -v <tablename>-<name> | pfctl -f- - pfctl -t <tablename>-<name> -T flush - pfctl -t <tablename>-<name> -T kill +actionstop = pfctl -a f2b/<name> -sr 2>/dev/null | grep -v <tablename>-<name> | pfctl -a f2b/<name> -f- + pfctl -a f2b/<name> -t <tablename>-<name> -T flush + pfctl -a f2b/<name> -t <tablename>-<name> -T kill # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # -actioncheck = pfctl -sr | grep -q <tablename>-<name> +actioncheck = pfctl -a f2b/<name> -sr | grep -q <tablename>-<name> # Option: actionban @@ -47,7 +47,7 @@ actioncheck = pfctl -sr | grep -q <tablename>-<name> # <time> unix timestamp of the ban time # Values: CMD # -actionban = pfctl -t <tablename>-<name> -T add <ip> +actionban = pfctl -a f2b/<name> -t <tablename>-<name> -T add <ip> # Option: actionunban @@ -59,7 +59,7 @@ actionban = pfctl -t <tablename>-<name> -T add <ip> # Values: CMD # # note -r option used to remove matching rule -actionunban = pfctl -t <tablename>-<name> -T delete <ip> +actionunban = pfctl -a f2b/<name> -t <tablename>-<name> -T delete <ip> [Init] # Option: tablename