Date: Sat, 22 Aug 2009 20:41:38 -0500
To: freebsd-pf@freebsd.org
From: Len Conrad
Message-Id: <200908230340125.SM01728@W500.Go2France.com>
Subject: Re: something like bruteblock for pf?

>> I've used bruteblock, which manages ipfw, for blocking SMTP attackers and reducing smtp connects by 10s of 1000s per day.
>
>[snip]
>
>> Anybody know of anything similar for pf?
>
>
>http://www.bgnett.no/~peter/pf/en/spamd.setup.html

thanks, but I've never liked tarpitting, no matter how inexpensive it is, and I already have greylisting.

I'm looking for something like bruteblock that logwatches (smtp, ssh, ftp, whatever) and inserts/removes TCP block rules into pf for x hours, so the protocol daemons are involved.

Len
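
The behaviour asked for above (watch a daemon log, put repeat offenders into a pf table, drop them again after x hours), as an added example that is not part of the original message and is not bruteblock's code. The table name, thresholds, log patterns and constructed sample lines are assumptions, as is a pfctl that supports `-T expire`.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TABLE = "bruteforce"      # assumed; pf.conf: table <bruteforce> persist, plus a block rule on it
MAX_FAILS, WINDOW = 3, timedelta(minutes=5)   # assumed thresholds
BLOCK_SECONDS = 4 * 3600  # the "x hours" of the post, assumed to be 4
# The user name in sshd lines is attacker-supplied, so anchor on the end of the
# line and let the greedy ".*" swallow any fake "from <ip> port" inside the name.
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$"),
    re.compile(r"postfix/smtpd\[\d+\]: warning: \S+\[([^\]]+)\]: SASL \w+ authentication failed"),
]
# Constructed sample log (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
Aug 23 01:00:01 mx sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2
Aug 23 01:00:05 mx sshd[411]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2
Aug 23 01:00:09 mx sshd[411]: Failed password for root from 192.0.2.10 port 4024 ssh2
Aug 23 01:01:00 mx postfix/smtpd[502]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: x
Aug 23 01:20:00 mx postfix/smtpd[502]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: x
Aug 23 01:40:00 mx postfix/smtpd[502]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: x
"""

def parse(line, year=2009):   # syslog timestamps carry no year; it is assumed
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            try:              # accept only a literal IP address, ignore anything else
                ip = str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                return None
            return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S"), ip
    return None

def offenders(lines):
    # IPs reaching MAX_FAILS failures inside a sliding WINDOW, in first-seen order
    recent, blocked = defaultdict(deque), []
    for ts, ip in filter(None, map(parse, lines)):
        recent[ip].append(ts)
        while ts - recent[ip][0] > WINDOW:
            recent[ip].popleft()
        if len(recent[ip]) >= MAX_FAILS and ip not in blocked:
            blocked.append(ip)
    return blocked

def pfctl_commands(ips):      # argv lists, so no log-derived text ever reaches a shell
    cmds = [["pfctl", "-t", TABLE, "-T", "add", ip] for ip in ips]
    return cmds + [["pfctl", "-t", TABLE, "-T", "expire", str(BLOCK_SECONDS)]]
```

Only 192.0.2.10 is selected from the sample: the three SMTP failures from 198.51.100.7 are spread over 39 minutes and never fill the five-minute window. The `expire` command would be run periodically (for example from cron) to remove entries older than the block time.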