pf(4) add timeout option to ip address tables
On Mon, May 11, 2026 at 03:05:27AM +0200, Alexandr Nedvedicky wrote:
> As you can see pf(4) keeps adding addresses to table. Administrator
> must clear the table which is used by 'overload' option.
>
> The newly added 'Source Limiter' suffers from the same issue.
> Source limiter may add the source IP address which exceeds
> the limit to table. However, administrator cannot define
> any duration how long the IP address should be kept in
> table referred by limiter.
>
> Diff below adds 'timeout' option for table, so administrator
> can define duration in seconds for how long the IP address
> is kept in table.

A very welcome change from my perspective, as long as we can make sure
existing setups don't break too much.

The classic advice about using overload tables for anything has been
that good housekeeping includes running "pfctl expire" with sensible
parameters on the tables from a cron job. This change will make that
advice (almost) superfluous.

All the best,
Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://nxdomain.no/~peter/blogposts https://nostarch.com/book-of-pf-4th-edition
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
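The "pfctl expire from a cron job" housekeeping Peter refers to, written out as an added example (this script is not part of the thread or of the pf(4) diff under discussion). It wraps `pfctl -t TABLE -T expire SECONDS`, which pfctl(8) documents as deleting entries whose statistics were last cleared (or which were added) more than SECONDS ago. The script path, the table names `bruteforce` and `ratelimited`, and the cron schedule in the comment are constructed for illustration; `PFCTL` can be overridden to dry-run without touching a live firewall.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: expire stale entries from
# pf overload tables, the housekeeping that the proposed 'timeout' option
# would make (almost) unnecessary. Table names and schedule are constructed.

# Path to pfctl; override (e.g. PFCTL=echo) for a dry run.
PFCTL="${PFCTL:-/sbin/pfctl}"

# is_seconds VALUE: accept only a non-negative integer, so a typo in the
# crontab never becomes an unexpected pfctl argument. Returns 0 if valid.
is_seconds() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# expire_table TABLE SECONDS: run "pfctl -t TABLE -T expire SECONDS", which
# per pfctl(8) removes addresses older than SECONDS (measured from when the
# entry's statistics were last cleared, or from when it was added).
expire_table() {
    table="$1"
    secs="$2"
    is_seconds "$secs" || { echo "expire_table: bad age '$secs'" >&2; return 2; }
    "$PFCTL" -t "$table" -T expire "$secs"
}

# expire_all SECONDS TABLE...: apply one age to several tables. A missing
# table does not abort the run; the count of successful tables is printed.
expire_all() {
    secs="$1"; shift
    ok=0
    for t in "$@"; do
        expire_table "$t" "$secs" && ok=$((ok + 1))
    done
    echo "$ok"
}

# Constructed crontab line (hypothetical path): hourly, drop entries older
# than one day from two overload tables.
#   0 * * * *  /usr/local/sbin/pf-expire.sh 86400 bruteforce ratelimited
if [ $# -ge 2 ]; then
    expire_all "$@" >/dev/null
fi
```

Pick the age to match the rule that feeds the table: an overload table that is meant to cut off a brute-forcer for an hour gains nothing from entries that linger for a week, and the cron interval should be shorter than that age so the effective block time stays predictable.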