Using expiretable to tidy your tables

Before pfctl acquired the ability to expire table entries, Henrik Gustafsson had written expiretable, which removes table entries which have not been accessed for a specified period of time.

One useful example is to use the expiretable program as a way of removing outdated <bruteforce> table entries.

You could for example let expiretable remove <bruteforce> table entries older than 24 hours by adding an entry containing the following to your /etc/rc.local file:

/usr/local/sbin/expiretable -v -d -t 24h bruteforce

expiretable was quickly added to the ports tree on FreeBSD and OpenBSD[1].

If expiretable is not available via your package system, you can download it from Henrik's site at



as security/expiretable and sysutils/expiretable, respectively. It is also worth noting that expiretable was removed from the OpenBSD ports tree in 2008.