On 2020-05-27 14:27, Walter Alejandro Iglesias wrote:
Another question about pf.
Perhaps I don't fully understand how connection rate is calculated.
The following line in /etc/pf.conf:
pass in log inet proto tcp to any port { smtp smtps } synproxy state \
(max-src-conn-rate 5/30,
On Thu, May 28, 2020 at 12:06:18PM +0200, Marko Cupać wrote:
> On 2020-05-27 14:27, Walter Alejandro Iglesias wrote:
> > Another question about pf.
> >
> > Perhaps I don't fully understand how connection rate is calculated.
> >
> > The following line in /etc/pf.conf:
> >
> > pass in log inet
Brian Brombacher wrote:
> Keep in mind operations using pfctl such as reloading rule set or table
> from file, any IP’s caught in the smtp table by the max-src-conn-rate
> will be flushed depending on your command line.
> Every hour I scrape logs for AUTH failures and add them to a pfctl
>
Keep in mind operations using pfctl such as reloading rule set or table from
file, any IP’s caught in the smtp table by the max-src-conn-rate will be
flushed depending on your command line.
> On May 27, 2020, at 4:29 PM, Walter Alejandro Iglesias
> wrote:
>
> Hello Brian,
>
>> On Wed, May
Hello Brian,
On Wed, May 27, 2020 at 02:35:46PM -0400, Brian Brombacher wrote:
> What do you do with <smtp> table in other rules? If you’re doing nothing,
> you need to do something like block additional connections, or adjust the
> pass rule to include from !<smtp>
You're right. I forgot to mention I
What do you do with <smtp> table in other rules? If you’re doing nothing, you
need to do something like block additional connections, or adjust the pass rule
to include from !<smtp>
Run: pfctl -t smtp -T show
Does it show the offending IP? If so, the rule worked as you defined it.
> On May 27, 2020,
Another question about pf.
Perhaps I don't fully understand how connection rate is calculated.
The following line in /etc/pf.conf:
pass in log inet proto tcp to any port { smtp smtps } synproxy state \
(max-src-conn-rate 5/30, overload <smtp> flush global)
Shouldn't avoid this happen?
In