From: Dave Horsfall
To: FreeBSD PF List
Subject: Getting tables to work in PF
Date: Mon, 3 Nov 2014 14:54:02 +1100 (EST)

FreeBSD 8.2-RELEASE-p3 binary (yeah, I need to update, but my DVD reader is busted).

After seeing an obnoxious spammer on 216.66.15.120 (it doesn't take "550 5.7.1" as a hint), I thought this would be a good time to try tables so that it doesn't clutter my reject log.

/etc/pf.conf:

    table <spammers> persist file "/etc/spammers"
    ...
    block in log quick on $ext_if from <spammers> to any

/etc/spammers:

    # netman.cust.fsi.io
    216.66.15.120

and restart. File gets read, but it's not blocking. OK, add it in by hand:

    aneurin# pfctl -t spammers -Tadd 216.66.15.120
    No ALTQ support in kernel
    ALTQ related functions disabled
    1 table created.
    1/1 addresses added.

Odd. So the table is now created, but it still ain't blocking. Adding it a second time is ignored.

I also tried blocking woodpeckers (those which retry *seconds* later).

/etc/pf.conf:

    table <woodpeckers> persist
    ...
    block in log quick on $ext_if from <woodpeckers>
    # No more than 10/IP, or 5/minute should be plenty.
    pass inet proto tcp from any port smtp \
        flags S/SA keep state \
        (max-src-conn 10, max-src-conn-rate 5/60, \
        overload <woodpeckers> flush global)

Nope. Try by hand:

    aneurin# pfctl -t woodpeckers -T add 212.192.226.180
    No ALTQ support in kernel
    ALTQ related functions disabled
    1 table created.
    1/1 addresses added.

Nope. Nothing in the log, and "pfctl -t woodpeckers -T show -v" reports no matches.

As a quick test, I disallow *all* SMTP. Still works.

So, err, does PF actually work? Have I stuffed up somewhere?

Thanks.

-- 
Dave Horsfall (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
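A few shell helpers, added here as an example and not part of the post above, for narrowing down why a populated table is not blocking: they read the per-rule counters that `pfctl -vsr` prints (a rule with many Evaluations and zero Packets is consulted but never matches) and check `pfctl -s info` for "Status: Enabled". The interface name, counters and sample output are constructed; the live pfctl commands at the end only run where pfctl exists.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for the case where a pf
# table is populated but the block rule never fires. `pfctl -vsr` prints a
# counter line under each rule; many Evaluations with zero Packets means the
# rule is consulted but its criteria (interface, direction, table) never match.

# Constructed sample of `pfctl -vsr` output; interface and numbers are made up.
SAMPLE_RULES='block drop in log quick on em0 from <spammers> to any
  [ Evaluations: 4120      Packets: 0         Bytes: 0           States: 0     ]
pass inet proto tcp from any to any port = smtp flags S/SA keep state
  [ Evaluations: 4120      Packets: 911       Bytes: 70233       States: 2     ]'

# Constructed sample of the first line of `pfctl -s info`.
SAMPLE_INFO='Status: Enabled for 0 days 02:11:07           Debug: Urgent'

# rule_counter FIELD PATTERN RULES_TEXT
# Prints the FIELD counter (Evaluations or Packets) of the first rule containing PATTERN.
rule_counter() {
  printf '%s\n' "$3" | awk -v field="$1:" -v pat="$2" '
    !found && index($0, pat) { found = 1; next }
    found && /Evaluations:/ {
      for (i = 1; i <= NF; i++) if ($i == field) { print $(i + 1); exit }
    }'
}

# pf_enabled INFO_TEXT -> succeeds only if pf reports "Status: Enabled"
pf_enabled() {
  printf '%s\n' "$1" | grep -q '^Status: Enabled'
}

# diagnose PATTERN RULES_TEXT -> one-word verdict for the rule containing PATTERN
diagnose() {
  evals=$(rule_counter Evaluations "$1" "$2")
  pkts=$(rule_counter Packets "$1" "$2")
  if [ -z "$evals" ]; then echo missing           # rule is not in the loaded ruleset
  elif [ "$evals" -eq 0 ]; then echo unevaluated  # never reached: an earlier quick rule wins
  elif [ "$pkts" -eq 0 ]; then echo nomatch       # reached but never matches: check $ext_if, direction, table
  else echo hit
  fi
}

# Live checks, run only where pfctl exists (i.e. on the pf host itself).
if command -v pfctl >/dev/null 2>&1; then
  pf_enabled "$(pfctl -s info)" || echo 'pf is not enabled (see pfctl -e)'
  pfctl -t spammers -T test 216.66.15.120    # is the address really in the table?
  diagnose '<spammers>' "$(pfctl -vsr)"
fi
```

A "nomatch" verdict on the block rule while the pass rule shows hits means the table and ruleset loaded fine and the mismatch is in the rule's own criteria, which is the first thing to compare against what `pfctl -vsr` shows for `$ext_if`.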