Sergey G. Brester

Or we'll need additionally the table, besides anchor in this case? The documentation is very short there...

:( > so I'm not sure that flush states in this case is limited only to specific anchor. according to pfctl-docu it is so, as regards the anchor,... but unfortunately...

> `# pfctl -k key -k 'tcp 10.0.0.1:80

> My quick test showed that `pfctl -a f2b/named ... -F states` killed my active ssh connection @IdahoPL Just to be sure, how your `f2b-named` table resp. anchor were built,...

So what would you say, bug of `pf`? I could understand, that as long as the table not involved, all IPs are affected, but according to the documentation it should...

> Flushing all state for the main table would be bad I've never suggested to do this. > killing all states for a single IP on any port is the...

@IdahoPL I tried currently the multiport test and I cannot reproduce this "pf-bug" with anchors at all. ```bash root@test-server # echo "block return quick proto tcp from to any port...

Are you sure there are no other lines from same IP (session)? Something with event "ChallengeResponseFailed" etc (or severity "Error"), like: https://github.com/fail2ban/fail2ban/blob/337be4b36ccefaffe4b1369fd5d6df3ae3077744/fail2ban/tests/files/logs/asterisk#L52 Because I don't think event "ChallengeSent" as well...

I see... Well, it is not really authentication attempts, just an info about sending of challenge. Although I understand that the AccountID is unknown, but unsure what exactly asterisk/PJSIP want...

BTW why a new config file? Additionally can you take a look in #1690. Possibly we can combine this to the single file.