Brian Brombacher wrote:
> Keep in mind operations using pfctl such as reloading rule set or table
> from file, any IPs caught in the smtp table by the max-src-conn-rate
> will be flushed depending on your command line.
> Every hour I scrape logs for AUTH failures and add them to a pfctl
> table using pfctl -t table_name -T add ip_address.
These are the pfctl commands I use in the cron script. In this order,
no more and no less:
# Expire old entries
pfctl -q -t smtp -T expire $(expr $days \* 86400)
# Add new entries to table
pfctl -q -t smtp -T add -f /tmp/newaddresses
# Save list to file
pfctl -q -t smtp -T show > /path/to/smtp.txt
(By the way, the 'expire' command is the reason for my first question in
the "Restore pf tables metadata after a reboot" thread.)
I'll do the test I mentioned before, I'll add a provisional table
affected only by the max-src-conn-rate.
Walter
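The hourly job Walter describes (scrape the mail log for AUTH failures, expire old table entries, add the new addresses, save the table) written out as one script, as an added example that is not Walter's own cron script. It assumes OpenBSD pfctl(8) with a table named "smtp" as in the thread; the log format, the addresses and the file names /tmp/newaddresses and /tmp/smtp.txt are constructed for the example, and pfctl is only invoked when it is installed so the extraction logic can be exercised on any host.

```shell
#!/bin/sh
# Added example, not Walter's actual cron script. Assumes OpenBSD pfctl(8)
# with a persistent table named "smtp" (as in the thread) and a mail log
# whose AUTH failure lines contain the client address. The log lines below
# are constructed for this example.

# Constructed sample log: two AUTH failures from one host, one from another,
# and one unrelated line mentioning a third host that must NOT be added.
SAMPLE_LOG='Jun  1 10:01:02 mx smtpd[411]: AUTH failure for user@example.net from 198.51.100.7
Jun  1 10:01:09 mx smtpd[411]: AUTH failure for admin from 192.0.2.10
Jun  1 10:01:15 mx smtpd[411]: AUTH failure for root from 192.0.2.10
Jun  1 10:02:00 mx smtpd[411]: connection from 203.0.113.5 closed'

# Read log lines on stdin, keep only AUTH failures, print each IPv4 once.
extract_auth_failures() {
    grep 'AUTH failure' | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sort -u
}

# Seconds argument for "-T expire": pfctl removes entries whose statistics
# were cleared (or, if never cleared, which were added) more than this
# many seconds ago.
expire_seconds() {
    echo $(( $1 * 86400 ))
}

# The three pfctl steps in the order Walter uses. The new-address file is
# written first so "-T add -f" has something to read; pfctl is only run
# when present, so the script is harmless on a non-pf host. Prints the
# number of addresses added this run.
update_smtp_table() {
    days=$1; logfile=$2; newfile=$3; savefile=$4
    extract_auth_failures < "$logfile" > "$newfile"
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -q -t smtp -T expire "$(expire_seconds "$days")"
        pfctl -q -t smtp -T add -f "$newfile"
        pfctl -q -t smtp -T show > "$savefile"
    fi
    wc -l < "$newfile" | tr -d ' '
}

# Stand-alone run on the constructed log: sh script.sh run
if [ "${1:-}" = "run" ]; then
    tmp=$(mktemp); printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    update_smtp_table 7 "$tmp" /tmp/newaddresses /tmp/smtp.txt
    rm -f "$tmp"
fi
```

Because "-T expire" works from the per-entry timestamps pf keeps in memory, the saved smtp.txt only preserves the addresses, not their age; after a reboot every address restored from the file counts as newly added, which is the metadata problem Walter refers to.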