Before pfctl acquired the ability to expire table entries, Henrik Gustafsson had written expiretable, which removes table entries which have not been accessed for a specified period of time.
One useful example is to use the expiretable program as a way of removing outdated <bruteforce> table entries.
You could for example let expiretable remove <bruteforce> table entries older than 24 hours by adding an entry containing the following to your /etc/rc.local file:
/usr/local/sbin/expiretable -v -d -t 24h bruteforce
expiretable was quickly added to the ports tree on FreeBSD and OpenBSD[1].
If expiretable is not available via your package system, you can download it from Henrik's site at http://expiretable.fnord.se/
| [1] | as security/expiretable and sysutils/expiretable, respectively. It is also worth noting that expiretable was removed from the OpenBSD ports tree in 2008. |