Brian Brombacher wrote:
> Keep in mind operations using pfctl such as reloading rule set or table
> from file, any IP's caught in the smtp table by the max-src-conn-rate
> will be flushed depending on your command line.
>
> Every hour I scrape logs for AUTH failures and add them to a pfctl
> table using pfctl -t table_name -T add ip_address.

These are the pfctl commands I use in the cron script. In this order, no more and no less:

    # Expire old entries
    pfctl -q -t smtp -T expire $(expr $days \* 86400)
    # Add new entries to table
    pfctl -q -t smtp -T add -f /tmp/newaddresses
    # Save list to file
    pfctl -q -t smtp -T show > /path/to/smtp.txt

(By the way, the 'expire' command is the reason for my first question in the "Restore pf tables metadata after a reboot" thread.)

I'll do the test I mentioned before, I'll add a provisional table affected only by the max-src-conn-rate.

Walter
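The hourly job discussed in this thread, written out as an added example that is not part of either poster's message: it extracts repeat AUTH-failure addresses from a mail log and then runs the same three pfctl steps in the same order. The Postfix-style log format, the threshold of 2 failures, the 7-day expiry and all function and variable names are assumptions; the sample log lines are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed: Postfix-style SASL failure
# lines, a threshold of 2 failures, and all variable/function names.
TABLE=smtp; DAYS=7; THRESHOLD=2
SAVE_FILE=${SAVE_FILE:-/path/to/smtp.txt}   # placeholder path, as in the thread

# Constructed sample log lines (RFC 5737 documentation addresses).
sample_log() {
cat <<'EOF'
Jan 12 03:14:01 mail postfix/smtpd[1234]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:14:05 mail postfix/smtpd[1234]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 12 03:15:10 mail postfix/smtpd[1240]: connect from unknown[198.51.100.99]
Jan 12 03:16:22 mail postfix/smtpd[1241]: warning: unknown[198.51.100.23]: SASL PLAIN authentication failed:
Jan 12 03:17:30 mail postfix/smtpd[1250]: warning: unknown[192.0.2.44]: SASL CRAM-MD5 authentication failed: x
Jan 12 03:17:41 mail postfix/smtpd[1250]: warning: unknown[192.0.2.44]: SASL LOGIN authentication failed: x
EOF
}

# Read log lines on stdin; print each IPv4 address that has at least $1
# AUTH failures, one per line, sorted.
auth_fail_ips() {
    sed -n 's/.*\[\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)]: SASL [A-Z0-9-]* authentication failed.*/\1/p' |
        LC_ALL=C sort | uniq -c | awk -v min="$1" '$1 >= min { print $2 }'
}

# Days to seconds, the value handed to "pfctl -T expire".
expire_seconds() { echo $(( $1 * 86400 )); }

# The three pfctl steps from the thread, in the same order.
run_update() {
    new=$(mktemp) || return 1   # unpredictable temp file name
    auth_fail_ips "$THRESHOLD" < "$1" > "$new"
    # Expire old entries
    pfctl -q -t "$TABLE" -T expire "$(expire_seconds "$DAYS")"
    # -T add only inserts: addresses already in the table, including ones
    # put there by max-src-conn-rate, are left in place.
    pfctl -q -t "$TABLE" -T add -f "$new"
    # Save list to file; write to a temp name first so a failed run never
    # leaves a truncated list behind.
    pfctl -q -t "$TABLE" -T show > "$SAVE_FILE.tmp" && mv "$SAVE_FILE.tmp" "$SAVE_FILE"
    rm -f "$new"
}

# Touch pf only when asked to: script.sh --apply /path/to/maillog
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then run_update "$2"; fi
```

Running `sample_log | auth_fail_ips 2` shows which addresses would be added without touching pf.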