FreeBSD 8.2-RELEASE-p3 binary (yeah, I need to update, but my DVD reader is busted).
After seeing an obnoxious spammer on 216.66.15.120 (it doesn't take "550 5.7.1" as a hint), I thought this would be a good time to try tables so that it doesn't clutter my reject log.

/etc/pf.conf:

    table <spammers> persist file "/etc/spammers"
    ...
    block in log quick on $ext_if from <spammers> to any

/etc/spammers:

    # netman.cust.fsi.io
    216.66.15.120

and restart. File gets read, but it's not blocking. OK, add it in by hand:

    aneurin# pfctl -t spammers -Tadd 216.66.15.120
    No ALTQ support in kernel
    ALTQ related functions disabled
    1 table created.
    1/1 addresses added.

Odd. So the table is now created, but it still ain't blocking. Adding it a second time is ignored.

I also tried blocking woodpeckers (those which retry *seconds* later).

/etc/pf.conf:

    table <woodpeckers> persist
    ...
    block in log quick on $ext_if from <woodpeckers>
    # No more than 10/IP, or 5/minute should be plenty.
    pass inet proto tcp from any port smtp \
        flags S/SA keep state \
        (max-src-conn 10, max-src-conn-rate 5/60, \
        overload <woodpeckers> flush global)

Nope. Try by hand:

    aneurin# pfctl -t woodpeckers -T add 212.192.226.180
    No ALTQ support in kernel
    ALTQ related functions disabled
    1 table created.
    1/1 addresses added.

Nope. Nothing in the log, and "pfctl -t woodpeckers -T show -v" reports no matches.

As a quick test, I disallow *all* SMTP. Still works. So, err, does PF actually work? Have I stuffed up somewhere?

Thanks.

-- 
Dave Horsfall (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
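An added example, not part of Dave's post: a pf.conf fragment (assuming the same $ext_if macro and table names) that blocks table members ahead of any pass rule, rate-limits inbound SMTP by destination port rather than source port, and lists the pfctl checks that tell you whether the ruleset and tables actually loaded and whether an already-established state is bypassing the block.

```pf
# Added example; assumes $ext_if is defined earlier in pf.conf.
table <spammers>    persist file "/etc/spammers"
table <woodpeckers> persist

# Block table members first. "quick" ends evaluation on a match, so no
# later pass rule can override it; "log" records the hit on pflog0.
block in log quick on $ext_if from { <spammers>, <woodpeckers> } to any

# Rate-limit new inbound SMTP connections. Note "to any port smtp":
# the match is on the destination port. "from any port smtp" matches the
# client's *source* port, which is practically never 25.
pass in on $ext_if inet proto tcp from any to any port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <woodpeckers> flush global)

# Checks (as root). The "No ALTQ support" lines are informational only.
#   pfctl -nf /etc/pf.conf           parse only; catches syntax errors
#   pfctl -f /etc/pf.conf            load the ruleset
#   pfctl -sr                        the block rule must be listed
#   pfctl -t spammers -T show        the file contents must be listed
#   If "pfctl -t <name> -T add" prints "1 table created", that table was
#   not in the loaded ruleset; the pf.conf defining it was not loaded.
#   pfctl -ss | grep 216.66.15.120   an existing state still passes traffic
#   pfctl -k 216.66.15.120           kill its states so the block applies
```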