That’s an interesting idea, though I’m not sure if it’s relevant.
The question I’m asking myself is: why is it problematic to use the expire option, which is designed for this very purpose? Because sysadmins forget to configure it, which causes the relevant tables to grow?!
I think this is more relevant:
The "feature request" wish I have is to be able to backup/restore tables
preserving the counters and timestamp for each entry.
Currently I do a "pfctl -T show" and save to file on server shutdown.
Then I do a "pfctl -T add" from filename to reload table on boot.
Obviously this resets all the timestamps to the current boot time.
I know, don't reboot.
Seen on: https://undeadly.org/cgi?action=article;sid=20260513064948
This seems to me a good idea: save with good information when rebooting is needed, for instance for a "new" rebuilt kernel.