From: Ermal Luçi
To: Dave Horsfall
Cc: FreeBSD PF List
Date: Mon, 3 Nov 2014 08:39:55 +0100
Subject: Re: Getting tables to work in PF

Probably you forgot to clear the states!

On Mon, Nov 3, 2014 at 4:54 AM, Dave Horsfall wrote:

> FreeBSD 8.2-RELEASE-p3 binary (yeah, I need to update, but my DVD reader
> is busted).
>
> After seeing an obnoxious spammer on 216.66.15.120 (it doesn't take "550
> 5.7.1" as a hint), I thought this would be a good time to try tables so
> that it doesn't clutter my reject log.
>
> /etc/pf.conf:
>
> table persist file "/etc/spammers"
> ...
> block in log quick on $ext_if from to any
>
> /etc/spammers:
>
> # netman.cust.fsi.io
> 216.66.15.120
>
> and restart. File gets read, but it's not blocking. OK, add it in by
> hand:
>
> aneurin# pfctl -t spammers -Tadd 216.66.15.120
> No ALTQ support in kernel
> ALTQ related functions disabled
> 1 table created.
> 1/1 addresses added.
>
> Odd. So the table is now created, but it still ain't blocking. Adding it
> a second time is ignored.
>
> I also tried blocking woodpeckers (those which retry *seconds* later).
>
> /etc/pf.conf:
>
> table persist
> ...
> block in log quick on $ext_if from
> # No more that 10/IP, or 5/minute should be plenty.
> pass inet proto tcp from any port smtp \
> flags S/SA keep state \
> (max-src-conn 10, max-src-conn-rate 5/60, \
> overload flush global)
>
> Nope. Try by hand:
>
> aneurin# pfctl -t woodpeckers -T add 212.192.226.180
> No ALTQ support in kernel
> ALTQ related functions disabled
> 1 table created.
> 1/1 addresses added.
>
> Nope. Nothing in the log, and "pfctl -t woodpeckers -T show -v" reports
> no matches.
>
> As a quick test, I disallow *all* SMTP. Still works.
>
> So, err, does PF actually work? Have I stuffed up somewhere?
>
> Thanks.
>
> --
> Dave Horsfall (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
> http://www.horsfall.org/spam.html (and check the home page whilst you're
> there)

--
Ermal
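
What clearing the states looks like in practice, as an added example that is not part of the original thread: pf matches packets of an established connection against its state table before it evaluates the ruleset, so an address added to a block table keeps any connection it already has until its states are killed. The function name `block_and_kill` and the overridable `PFCTL` variable are assumptions made for illustration; the `pfctl` options used are the standard ones.

```shell
#!/bin/sh
# Added example (not from the thread): put an address into a pf table and
# drop the states it already holds, so the block applies immediately.
# PFCTL can be overridden to preview the commands without root,
# e.g. PFCTL="echo pfctl". The function name is hypothetical.
PFCTL="${PFCTL:-pfctl}"

# block_and_kill TABLE ADDR
block_and_kill() {
    table=$1
    addr=$2

    # Accept only a plain IPv4/IPv6 literal or CIDR and a simple table
    # name, so neither argument can be read by pfctl as an option.
    case $addr in
        ''|-*|*[!0-9A-Fa-f.:/]*) echo "bad address: $addr" >&2; return 2 ;;
    esac
    case $table in
        ''|-*|*[!A-Za-z0-9_]*) echo "bad table name: $table" >&2; return 2 ;;
    esac

    # 1. Add the address. A block rule that references the table now
    #    matches any NEW connection from it.
    $PFCTL -t "$table" -T add "$addr" || return 1

    # 2. Existing connections bypass the ruleset through their states,
    #    so kill every state originating from this source.
    $PFCTL -k "$addr" || return 1

    # 3. Confirm the address really is in the table (non-zero exit if not).
    $PFCTL -t "$table" -T test "$addr"
}

# Typical use as root:  block_and_kill spammers 216.66.15.120
# To drop every state instead of one host's:  pfctl -F states
```

`pfctl -ss` lists the remaining states, which is a quick way to check that none from the blocked source survive.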