Date:      Wed, 29 Mar 2017 16:53:54 -0700
From:      "Chris H" <bsd-lists@bsdforge.com>
To:        FreeBSD PF List <freebsd-pf@freebsd.org>, Dave Horsfall <dave@horsfall.org>
Subject:   Re: When should I worry about performance tuning?
Message-ID:  <773b235971b4a8fa34d084222e018b4b@ultimatedns.net>
In-Reply-To: <alpine.BSF.2.20.1703300814440.63087@aneurin.horsfall.org>
References:  <ee6734e6caa6591c051c1d4ff66e9937@ultimatedns.net> <404620925.34894.1490821068262.JavaMail.www@wwinf1g03>, <alpine.BSF.2.20.1703300814440.63087@aneurin.horsfall.org>

On Thu, 30 Mar 2017 08:20:55 +1100 (EST) Dave Horsfall <dave@horsfall.org> wrote:

> On Wed, 29 Mar 2017, Martin MATO wrote:
> 
> > In the first case, you should prefer setting greylisting / tarpitting 
> > at minimum; feeding a firewall table for blacklisting is a never-ending 
> > story (plus, there is some real chance of blocking real MX relays).
> 
> A judicious selection of DNSBLs and enforcement of RFC-compliance etc do 
> the trick for me; I block several hundred attempts each day, with very few 
> false positives and hardly any getting through (and I don't mind wasting 
> SMTP cycles).

I'm currently blocking (filtering) several hundred/hr.

> And was the OP really blocking only a few ports and allowing the rest?
Nope. Blocking all unused ports && filtering on the rest. :-)  

> If so, that's backwards to good practice.
Indeed. I couldn't agree more.

--Chris
> 
> -- 
> Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will
> suffer."




