Hi, I have a server which gets flooded with unsolicited HTTP requests. So far, I use relayd filters to identify those requests and block them, at relayd level. It works as they never reach the web server but relayd is still working to block them.
I thought of parsing relayd logs to get those IPs and add them to a pf block table, using an automated script. I also thought of using tags to forward the connections to a program that would add the IP to the pf block table. Would there be a simpler / smarter way to have relayd add an IP matching a block rule into a pf table? Thanks, Joel C.
