Date: Fri, 31 Mar 2017 17:27:38 -0700 From: "Chris H" <chrish@UltimateDNS.NET> To: <freebsd-pf@freebsd.org> Subject: Re: Getting auto-block to work Message-ID: <5acabd92697e0896d938b1183d5359e3@ultimatedns.net> In-Reply-To: <alpine.BSF.2.20.1704010808150.81763@aneurin.horsfall.org> References: <alpine.BSF.2.20.1704010808150.81763@aneurin.horsfall.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 1 Apr 2017 08:29:41 +1100 (EST) Dave Horsfall <dave@horsfall.org> wrote
> Does anyone have a PF rule that actually blocks woodpeckers? I have this
> rule:
>
> pass inet proto tcp from any to any port smtp \
> flags S/SA keep state \
> (max-src-conn 10, max-src-conn-rate 2/20, \
> overload <woodpeckers> flush global)
I could never get that to work, either.
>
> I understand that as being no more than twice in twenty seconds (which is
> amply generous by my reading of the RFC), but it's not working; for
> example, the latest problem-child is:
>
> Date: Mar 31 00:04:10 (v2UD3uT2070289)
> from=<return@manualpratico.info>
> relay=server1.manualpratico.info [186.251.128.25]
> reject=450 4.7.1 <dave@horsfall.org>... I greylist .info
>
> Date: Mar 31 00:14:25 (v2UDEBaT070308)
> from=<return@manualpratico.info>
> relay=server1.manualpratico.info [186.251.128.25]
> reject=450 4.7.1 <dave@horsfall.org>... I greylist .info
>
> continuing every 15 seconds (and I've seen much worse) which I have
> manually blocked ("pfctl -t woodpeckers -T add 186.251.128.25", but isn't
> PF supposed to do that for me?
>
> (And yes, Sendmail also has this non-working "feature", but that's OT.)
OFF TOPIC
The following works famously for me in my (hostname).mc file:
FEATURE(greet_pause, `6000')
as does:
define(`confCONNECTION_RATE_THROTTLE', `2')
HTH
As for OT; I'd have sent it to you off list. But your bouncing me.
--Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5acabd92697e0896d938b1183d5359e3>