Date: Thu, 12 Jun 2025 04:06:28 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 287461] pf overload rule overrides other filters
Message-ID: <bug-287461-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287461

            Bug ID: 287461
           Summary: pf overload rule overrides other filters
           Product: Base System
           Version: 14.3-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: bc979@lafn.org

pf.conf extract on server 'mail':

block in quick log on $ext_if proto tcp from <woodpeckers> to any port $SMTP
pass in inet proto tcp to any port $SMTP \
        flags S/SA keep state \
        (max-src-conn 20, max-src-conn-rate 10/60, \
        overload <woodpeckers> flush global)
block in quick log on $ext_if proto tcp from any to any port $telnet
anchor "blacklistd/*" in on $ext_if

mail# pfctl -a blacklistd/25 -tport25 -Ts
   10.0.1.235
mail#

From machine with IP 10.0.1.235:

test# telnet mail 25
Trying 10.0.1.230...
Connected to mail.
Escape character is '^]'.
220 mail.sermon-archive.info ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.

The presence of the overload function overrides the blacklistd rules. The
connection is made even though there is a blocking IP address in the table.

I don't know if this is an intended feature or a bug. In either case it is
not documented anywhere I could find.

-- 
You are receiving this mail because:
You are the assignee for the bug.
