From: Dave Horsfall
To: FreeBSD PF List
Subject: Hints on rate limiting
Date: Wed, 18 Mar 2015 04:14:31 +1100 (EST)

FreeBSD 9.3-RELEASE-p5 (GENERIC) #0: Mon Nov 3 22:02:57 UTC 2014
fxp0: (on board)

I'm having trouble with getting rate limiting to work i.e. so many connections from the same source in so many seconds (what we in the anti-spam community call "woodpeckers").

Does it actually work on FreeBSD 9? I know that PF doesn't work at all on FreeBSD 8 (at least, with the NIC above), and if it does indeed work then what would be a good starting point?

Note that a complicating factor is that I have configured a "greet pause" of 10 seconds i.e. after the connection I wait for that long before issuing the SMTP greeting (and woe betide you if you don't wait in turn).

And before anyone asks me why aren't I running 10.x, I will as soon as my new server arrives; the current box is going to fail soon (the electrolytic capacitors are starting to bulge) so it's not worth the hassle. And anyway, I've screwed up the ports area Yet Again from a failure to read simple instructions :-(

-- 
Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
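
As an added example, not part of the original message: a pf.conf fragment for the per-source limit described above, using pf's `max-src-conn`, `max-src-conn-rate` and `overload` state options. The table name `<woodpeckers>` and all thresholds are assumptions; `fxp0` is the interface named in the message.

```conf
# pf.conf fragment (added example; table name and thresholds are assumptions)
ext_if = "fxp0"                      # NIC named in the message

# pf adds sources that exceed the limits below to this table.
table <woodpeckers> persist

# Drop SMTP from any source that has already tripped the limits.
block in quick on $ext_if proto tcp from <woodpeckers> to any port smtp

# Per-source tracking for inbound SMTP. Both limits count only
# connections that have completed the TCP three-way handshake.
#   max-src-conn      - simultaneous connections per source. A 10 s
#                       greet pause holds every connection open for at
#                       least that long, so leave headroom here.
#   max-src-conn-rate - new connections per interval (5 in 60 s here).
#   overload / flush  - put the offender in the table and kill the
#                       states it already has.
pass in on $ext_if proto tcp from any to any port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <woodpeckers> flush global)
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -t woodpeckers -T show` lists the sources that have been caught.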