Add caution to the Events example on blacklisting

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-25 00:53:49 +01:00 · 2013-07-15 14:30:31 -07:00 · 2013-07-15 14:30:31 -07:00 · 04c2a88d74
commit 04c2a88d74
parent 8c27b027fc
1 changed files with 8 additions and 0 deletions
--- a/docs/Events.xml
+++ b/docs/Events.xml
@ -541,6 +541,14 @@ SetEvent(SSH,ACCEPT,src)</programlisting>
      <programlisting>#ACTION               SOURCE         DEST      PROTO      DEST
 #                                                         PORT(S)
 SSHLIMIT              net            $FW       tcp        22                        </programlisting>
+
+      <caution>
+        <para>The technique demonstrated in this example is not self-cleaning.
+        The SSH_COUNTER event can become full with blackisted addresses that
+        never attempt to connect again. When that happens and a new entry is
+        added via SetEvent, the least recently seen address in the table is
+        deleted.</para>
+      </caution>
    </section>

    <section>