Date: Mon, 3 Nov 2014 08:39:55 +0100
From: Ermal Luçi <eri@freebsd.org>
To: Dave Horsfall <dave@horsfall.org>
Cc: FreeBSD PF List <freebsd-pf@freebsd.org>
Subject: Re: Getting tables to work in PF
Message-ID: <CAPBZQG2b7=iiGLsj-vtuiaWRUJ-Gk6n9JwCXxVjCMeVEqsuing@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.00.1411031433070.1220@aneurin.horsfall.org>
References: <alpine.BSF.2.00.1411031433070.1220@aneurin.horsfall.org>
Probably you forgot to clear the states!

On Mon, Nov 3, 2014 at 4:54 AM, Dave Horsfall <dave@horsfall.org> wrote:
> FreeBSD 8.2-RELEASE-p3 binary (yeah, I need to update, but my DVD reader
> is busted).
>
> After seeing an obnoxious spammer on 216.66.15.120 (it doesn't take "550
> 5.7.1" as a hint), I thought this would be a good time to try tables so
> that it doesn't clutter my reject log.
>
> /etc/pf.conf:
>
> table <spammers> persist file "/etc/spammers"
> ...
> block in log quick on $ext_if from <spammers> to any
>
> /etc/spammers:
>
> # netman.cust.fsi.io
> 216.66.15.120
>
> and restart. File gets read, but it's not blocking. OK, add it in by
> hand:
>
> aneurin# pfctl -t spammers -Tadd 216.66.15.120
> No ALTQ support in kernel
> ALTQ related functions disabled
> 1 table created.
> 1/1 addresses added.
>
> Odd. So the table is now created, but it still ain't blocking. Adding it
> a second time is ignored.
>
> I also tried blocking woodpeckers (those which retry *seconds* later).
>
> /etc/pf.conf:
>
> table <woodpeckers> persist
> ...
> block in log quick on $ext_if from <woodpeckers>
> # No more than 10/IP, or 5/minute should be plenty.
> pass inet proto tcp from any port smtp \
>         flags S/SA keep state \
>         (max-src-conn 10, max-src-conn-rate 5/60, \
>         overload <woodpeckers> flush global)
>
> Nope. Try by hand:
>
> aneurin# pfctl -t woodpeckers -T add 212.192.226.180
> No ALTQ support in kernel
> ALTQ related functions disabled
> 1 table created.
> 1/1 addresses added.
>
> Nope. Nothing in the log, and "pfctl -t woodpeckers -T show -v" reports
> no matches.
>
> As a quick test, I disallow *all* SMTP. Still works.
>
> So, err, does PF actually work? Have I stuffed up somewhere?
>
> Thanks.
>
> --
> Dave Horsfall (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
> http://www.horsfall.org/spam.html (and check the home page whilst you're
> there)

--
Ermal
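As an added example (not from this thread), a small sh(1) wrapper that does what Ermal's reply points at: add the address to the table and then kill the states that were created before the table entry existed, since pf matches an existing state before it evaluates the ruleset. It assumes pfctl(8) is on PATH and uses the table name "spammers" from Dave's pf.conf; nothing else is taken from the thread.

```shell
#!/bin/sh
# Added example: block a host with a pf table AND clear its existing states.
# pf looks up the state table before the rules, so a flow that already has a
# state keeps passing until that state is killed or expires. Assumes pfctl(8)
# on PATH and a table declared "persist" in pf.conf (e.g. <spammers>).

pf_block_host() {
    table=$1
    host=$2

    # 1. Add the address. Re-adding an existing entry is silently accepted,
    #    so this is safe to repeat. pfctl's ALTQ warnings go to stderr and
    #    are discarded here.
    pfctl -t "$table" -T add "$host" >/dev/null 2>&1 || return 1

    # 2. Kill every state whose source address matches the host. Without
    #    this, an established connection is never re-evaluated against the
    #    "block in ... from <table>" rule.
    pfctl -k "$host" >/dev/null 2>&1 || return 1

    # 3. Confirm the table lookup now matches ("1/1 addresses match.").
    pfctl -t "$table" -T test "$host" 2>/dev/null | grep -q '1/1 addresses match'
}

# Number of TCP/UDP states that still have $1 as their source address
# (expected to be 0 right after a successful pf_block_host).
pf_states_from() {
    pfctl -s states 2>/dev/null | grep -F -c -- " $1:" || true
}
```

Note that the quoted overload rule reads "from any port smtp", which matches a source port of 25; connections arriving at the local SMTP server carry port 25 as their destination ("to any port smtp"), so as written that rule does not feed <woodpeckers>.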