On 2006-02-23 12:07:03 -0500, Chris Smith wrote:
> ---
> How would I go about listening to pflog0? I
http://www.openbsd.org/faq/pf/logging.html
> IOW, from your experience, is tcpdump safe in this scenario and is it's
> overhead minima
On Thursday 23 February 2006 11:40, Bob Beck wrote:
> > Bit of a openBSD n00b here. How would I go about listening to
> > pflog0? I thought that required tcpdump running. What I want it
> > running continuously on a small, dedicated firewall box (concerned
> > about processing power as well as secu
Chris Smith wrote:
> But with max-src-conn-rate aren't you actually allowing connections? The
> first I want to do is block connections, not allow them. Will use of
> max-src-conn-rate work with a block? With attempted connections that
> never get allowed?
A "block" rule will just block all co
* Chris Smith <[EMAIL PROTECTED]> [2006-02-23 09:34]:
> On Wednesday 22 February 2006 15:37, Ray Lai wrote:
> > Do ``block in log on port 25'' and listen to pflog0 to add bad
> > hosts.
>
> Bit of a openBSD n00b here. How would I go about listening to pflog0? I
> thought that required tcpdump run
On Wednesday 22 February 2006 16:19, Stuart Henderson wrote:
> recent (preferably -current/snapshot ports) smtp-vilter handles this
> quite nicely.
Thanks but it's probably not a solution in this case. I'm not that
experienced with openBSD but I'm a bit leery about running -current on
a dedicate
On Wednesday 22 February 2006 15:37, Ray Lai wrote:
> Do ``block in log on port 25'' and listen to pflog0 to add bad
> hosts.
Bit of a openBSD n00b here. How would I go about listening to pflog0? I
thought that required tcpdump running. What I want it running
continuously on a small, dedicated f
On Wednesday 22 February 2006 16:48, Daniel Ouellet wrote:
> If you read on the PF and look at what I send you, you will see that
> IS updated automatically.
>
> That's what the line:
>
> (max-src-conn-rate 5/30, overload flush global)
>
> does. After 5 connection in 30 seconds, the IP address is
Daniel Ouellet wrote:
> Ray Lai wrote:
>> I thought you meant you could do something like:
>>
>> block in log-table to port 25
>>
>> where is updated automatically.
>
> If you read on the PF and look at what I send you, you will see that
> IS updated automatically.
>
> That's what the line
On Wed, Feb 22, 2006 at 04:48:19PM -0500, Daniel Ouellet wrote:
> Ray Lai wrote:
> >I thought you meant you could do something like:
> >
> > block in log-table to port 25
> >
> >where is updated automatically.
>
> If you read on the PF and look at what I send you, you will see that
> IS up
Ray Lai wrote:
I thought you meant you could do something like:
block in log-table to port 25
where is updated automatically.
Read this section and you will get a few good idea on log to table and
then use the same table to block the traffic you don't want:
http://openbsd.org/faq
Ray Lai wrote:
I thought you meant you could do something like:
block in log-table to port 25
where is updated automatically.
If you read on the PF and look at what I send you, you will see that
IS updated automatically.
That's what the line:
(max-src-conn-rate 5/30, overload
On Wed, Feb 22, 2006 at 04:17:35PM -0500, Daniel Ouellet wrote:
> Ray Lai wrote:
> >On Wed, Feb 22, 2006 at 03:31:41PM -0500, Daniel Ouellet wrote:
> >>Chris Smith wrote:
> >>>In addition to preventing infected PC's from using their own SMTP engine
> >>>to send out spam by blocking port 25 from al
On 2006/02/22 14:47, Chris Smith wrote:
> In addition to preventing infected PC's from using their own SMTP engine
> to send out spam by blocking port 25 from all but the mail server. I
> would also like to add those hosts automatically to a table in order to
> block their access altogether so t
Ray Lai wrote:
On Wed, Feb 22, 2006 at 03:31:41PM -0500, Daniel Ouellet wrote:
Chris Smith wrote:
In addition to preventing infected PC's from using their own SMTP engine
to send out spam by blocking port 25 from all but the mail server. I
would also like to add those hosts automatically to a
On Wed, Feb 22, 2006 at 03:31:41PM -0500, Daniel Ouellet wrote:
> Chris Smith wrote:
> >In addition to preventing infected PC's from using their own SMTP engine
> >to send out spam by blocking port 25 from all but the mail server. I
> >would also like to add those hosts automatically to a table i
On Wed, Feb 22, 2006 at 02:47:02PM -0500, Chris Smith wrote:
> In addition to preventing infected PC's from using their own SMTP engine
> to send out spam by blocking port 25 from all but the mail server. I
> would also like to add those hosts automatically to a table in order to
> block their a
Chris Smith wrote:
In addition to preventing infected PC's from using their own SMTP engine
to send out spam by blocking port 25 from all but the mail server. I
would also like to add those hosts automatically to a table in order to
block their access altogether so that the infected PC's cannot
In addition to preventing infected PC's from using their own SMTP engine
to send out spam by blocking port 25 from all but the mail server. I
would also like to add those hosts automatically to a table in order to
block their access altogether so that the infected PC's cannot attempt
other dama
18 matches
Mail list logo
