Igor Mozolevsky <[email protected]> writes: >> I've used bruteblock, which manages ipfw, for blocking SMTP attackers and >> reducing smtp connects by 10s of 1000s per day. > > [snip] > >> Anybody know of anything similar for pf? > > http://www.bgnett.no/~peter/pf/en/spamd.setup.html
OP more likely wants something like state tracking with overload tables, ie http://home.nuug.no/~peter/pf/en/bruteforce.html or similar (yes, please update your bookmarks to point to the nuug site, the bgnett one is getting stale). It's worth noting that the overload tables method is not limited to specific services as long as you can dream up sensible criteria and some useful action to take on the hosts that end up in the overload list. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
