Date: Fri, 01 Sep 2017 23:24:23 -0700 From: "Chris H" <bsd-lists@bsdforge.com> To: <freebsd-pf@freebsd.org> Subject: Re: Help with woodpecker config (fwd) Message-ID: <4bd300df6764324185e9a95df6d6f7a2@ultimatedns.net> In-Reply-To: <alpine.BSF.2.21.1709010816490.40500@aneurin.horsfall.org> References: <alpine.BSF.2.21.1709010816490.40500@aneurin.horsfall.org>
On Fri, 1 Sep 2017 08:21:10 +1000 (EST) Dave Horsfall <dave@horsfall.org> wrote
> Hmmm, no replies. Does this mean that no-one is using this useful
> feature, is using it but is not willing to share, or it's known not to
> work at all and are too embarrassed to say so?
Hello, Dave.
I'm not going to pretend that one size fits all, and neither
should you.
But you asked, so I'll throw you something that you can experiment
with that can work, in the right pf.conf(5) arrangement.
-----------------------------------------------------------------
ext_if = "em0"                 # adjust to your external interface (assumed name)
# Expire stale entries every so often, e.g. from cron:
#   pfctl -t woodpeckers -T expire <seconds>
table <woodpeckers> persist
# Sources already in the table are dropped before any pass rule is evaluated.
block in log quick on $ext_if from <woodpeckers>
# Inbound SMTP: no more than 10 concurrent states per source, and no more
# than 5 new connections per 60 seconds. Exceeding either limit adds the
# source to <woodpeckers> and (flush global) kills all of its states.
pass in on $ext_if inet proto tcp from any to any port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
    overload <woodpeckers> flush global)
-----------------------------------------------------------------
I've seen other clever or exotic arrangements as well.
A search on the net for pf woodpecker, and similar should
return them.
HTH
--Chris
>
> --
> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
> suffer."
>
> ---------- Forwarded message ----------
> Date: Wed, 16 Aug 2017 07:37:36 +1000 (EST)
> From: Dave Horsfall <dave@horsfall.org>
> To: FreeBSD PF List <freebsd-pf@freebsd.org>
> Subject: Help with woodpecker config
>
> I get a lot of woodpecker attempts on my mailserver i.e. a connection gets
> rejected for a variety of reasons (I have some fairly savage anti-spam
> measures) and they retry straight away. I've played with the "N connects
> in M seconds" stuff but cannot seem to get it to work (FreeBSD 10.3).
>
> Does anyone have a working config that they can share, to give me a leg up?
>
> Thanks.
>
> --
> Dave Horsfall DTM (VK2KFU) "Those who don't understand security will
> suffer."
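The rule Chris posted relies on three pf behaviours working together: the source-tracking counters (max-src-conn, max-src-conn-rate), the overload table with flush global, and the quick block rule in front of the pass rule. The following Python model is an added illustration, not code from this thread or from pf itself: it replays a constructed sequence of inbound SMTP events through a reference implementation of those semantics so you can see exactly which connection trips the 5/60 limit, what flush global does to the offender's existing states, and why the block quick rule matters afterwards. The event list, the TEST-NET addresses, and the sliding-window approximation of pf's in-kernel counter are all assumptions made here for the example.

```python
"""Reference model of pf's max-src-conn / max-src-conn-rate / overload
semantics (added illustration, not pf code and not from the mailing list).

Models the rule:
  pass in ... keep state (max-src-conn 10, max-src-conn-rate 5/60,
                          overload <woodpeckers> flush global)
preceded by:
  block in log quick ... from <woodpeckers>
"""
from collections import defaultdict, deque

MAX_SRC_CONN_RATE = (5, 60)   # 5 new connections per 60 seconds, as in the rule
MAX_SRC_CONN = 10             # concurrent states per source, as in the rule

# Constructed sample events: (seconds, source address, event).
# "syn" is a new inbound SMTP connection; "close" tears a state down.
# 203.0.113.7 hammers the mail server; 198.51.100.2 behaves normally.
SAMPLE_EVENTS = [
    (0,  "203.0.113.7",  "syn"),
    (5,  "203.0.113.7",  "syn"),
    (9,  "203.0.113.7",  "syn"),
    (12, "198.51.100.2", "syn"),
    (14, "203.0.113.7",  "syn"),
    (20, "203.0.113.7",  "syn"),   # 5th within 60 s: still within 5/60
    (22, "203.0.113.7",  "syn"),   # 6th within 60 s: exceeds 5/60 -> overload
    (30, "203.0.113.7",  "syn"),   # already in <woodpeckers>: block quick
    (40, "198.51.100.2", "syn"),
]


class OverloadTracker:
    """Tracks per-source state counts and recent SYNs for one pass rule."""

    def __init__(self, rate=MAX_SRC_CONN_RATE, max_conn=MAX_SRC_CONN):
        self.limit, self.window = rate
        self.max_conn = max_conn
        self.syns = defaultdict(deque)   # src -> timestamps of SYNs in window
        self.states = defaultdict(int)   # src -> currently open states
        self.woodpeckers = set()         # the overload table <woodpeckers>

    def _overload(self, src):
        # Source exceeded a limit: add it to the table and, because of
        # "flush global", kill every state it owns, not just this rule's.
        self.woodpeckers.add(src)
        self.states[src] = 0
        self.syns[src].clear()

    def handle(self, ts, src, event):
        """Return the verdict for one event: "pass", "block" or "overload"."""
        if src in self.woodpeckers:
            return "block"               # block in log quick from <woodpeckers>
        if event == "close":
            self.states[src] = max(0, self.states[src] - 1)
            return "pass"
        # New SYN: forget SYNs older than the window (sliding-window
        # approximation of pf's counter), then count this one.
        recent = self.syns[src]
        while recent and ts - recent[0] >= self.window:
            recent.popleft()
        recent.append(ts)
        if len(recent) > self.limit or self.states[src] + 1 > self.max_conn:
            self._overload(src)
            return "overload"
        self.states[src] += 1
        return "pass"


def run(events):
    """Replay events; return the per-event verdicts and the final tracker."""
    tracker = OverloadTracker()
    verdicts = [(ts, src, tracker.handle(ts, src, ev)) for ts, src, ev in events]
    return verdicts, tracker


if __name__ == "__main__":
    verdicts, tracker = run(SAMPLE_EVENTS)
    for ts, src, verdict in verdicts:
        print(f"t={ts:>3}s  {src:<14} {verdict}")
    print("woodpeckers table:", sorted(tracker.woodpeckers))
```

Running it shows the sixth SYN from 203.0.113.7 at t=22s is the one that lands the address in the table and zeroes its open states, while 198.51.100.2 is never affected. One caveat the model makes visible: a source that triggers the overload is not released by the pass rule; it stays blocked until its table entry is expired, which is why Chris's comment about periodically running pfctl -T expire matters.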
