EXPIRETABLE ( 1 ) OpenBSD Reference Manual EXPIRETABLE ( 1 )

NAME

expiretable - removes PF table entries based on age

SYNOPSIS

expiretable [ -dnvp ] [ -a anchor ] [ -t age ] table

DESCRIPTION

expiretable is used to remove entries from the pf table specified by table with an age greater than that specified in -t age. The options:

-a anchorSpecify the anchor containing the (private) table.

-d Daemonize. Detach from terminal and run in the background. The -p flag is implied.

-n Dry-run. Go through the motions, but don't actually delete anything.

-p Will cause expiretable to poll for expired entries instead of exiting.

-t ageSpecify the maximum age of a table-entry. age can be specified as a positive integer, in seconds,
or as a series of positive integers with suffixes. Valid suffixes are d (days), h (hours), m (minutes),
s (seconds). The total number of seconds must be less then 100 million (as defined by OpenBSDs
nanosleep(2)).

-v Verbose output. Use twice for even more verbose output.

EXAMPLES

The following removes any entries in table int.users older than one hour:

# expiretable -v -t 3600 int.users

This example removes any entries in table int.users older than one and a half hour:

# expiretable -v -t 1h30m int.users

SEE ALSO
pf(4), pfctl(8)

OpenBSD 3.8 June 19 2005 1