Expiretable snort2c is 1800 instead than 3600 as GUI interface says

bellera

Hello!

I'm testing snort package with 1.2 BETA and I saw that blocked offenders hosts "desapaired" before one hour of the snort2c PF table:

pfctl -rt snort2c -vT show

Looking at config.xml

cat /cf/conf/config.xml | grep snort2c

<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1800 snort2c

So, I think the expire time is 1800 seconds (a half hour).

At GUI says one hour …

Regards,

Josep Pujadas

sullrich

Thanks, fixed.