Two pf questions

[David Mehler]

Hello,

I'm running FreeBSD 10.3 and have two pf questions.

I've got two tables fail2ban and bruteforce. Every hour I'm dumping
the in-memory versions of these tables to disk with something like:

pfctl -t bruteforce -T show >> /etc/pf/bruteforce

the problem is that I'm getting duplic addresses. The table has
fifteen addresses in memory but 75 in the table there's no unique
sorting, any ideas on how? I only want unique IP's in the on disk
table to avoid redundant addresses and do not want to zero the table
out every hour.

My second question is one of nat reflection is the term. I've got a
jail running a service on port 8000. I've got external redirect rules
and pass rules passing in the traffic. The problem is I've got need to
get access to that machine port 8000 on the host machine.

I try something like ssh user at xxx.xxx.xxx.xxx -p 8000

and get an access denied message, the firewall is not permitting the
traffic. Needing to set up nat reflection, I've tried googling and
some examples no go so far.

Finally, does anyone have a pf, freebsd, and fail2ban setup 0.9.x? I'd
like to take a look at your jail setup in fail2ban and compare it with
mine. It seems liek traffic that should be blocked is not being.

Thanks.
Dave.