From: "Rex A. Roof"
Date: Thu, 25 Apr 2002 16:52:53 -0400 (EDT)
To: freebsd-ipfw@freebsd.org
Cc: rex@gunjin.wccnet.org
Subject: Putting in place an incoming sendmail limit
Message-Id: <200204252052.g3PKqrj0090391@gunjin.wccnet.org>

In order to prevent incoming DoS attacks via multiple sendmail connections,
I've tried adding the following ipfw rule:

    allow tcp from any to any smtp limit src-addr 1

This works great, except that when it's triggered I get A LOT of messages
like this:

    OUCH! cannot remove rule, count 1
    drop session, too many entries

over and over and over and over...

I've tried adding a 'log logamount 1' in there, no difference.

I've tried changing the following sysctl settings, with no luck:
net.inet.ip.fw.debug, net.inet.ip.fw.verbose, net.inet.ip.fw.verbose_limit

I'd like to limit these incoming sendmail connections, but the amount of
logging output it creates is a bit extreme. I tried setting this up and
just using telnet to connect to the sendmail port, and a dozen or so
messages are created in a few seconds, just with two telnet sessions from
the same machine.

-Rex
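An added example, not part of the original post: a small syslog summarizer that measures how much of /var/log/messages the two kernel messages quoted above account for, aggregating them per message and per second so an operator can see when the limit rule is being tripped. The syslog line layout and the "ipfw:" prefix in the constructed sample are assumptions, not copied from the post.

```python
import re
from collections import Counter

# Constructed sample log; the exact kernel line format is an assumption.
SAMPLE_LOG = """\
Apr 25 16:52:53 gunjin kernel: ipfw: OUCH! cannot remove rule, count 1
Apr 25 16:52:53 gunjin kernel: ipfw: drop session, too many entries
Apr 25 16:52:53 gunjin kernel: ipfw: OUCH! cannot remove rule, count 1
Apr 25 16:52:53 gunjin kernel: ipfw: drop session, too many entries
Apr 25 16:52:54 gunjin sendmail[90391]: g3PKqrj0090391: from=rex, size=1234
Apr 25 16:52:54 gunjin kernel: ipfw: drop session, too many entries
Apr 25 16:52:55 gunjin kernel: ipfw: OUCH! cannot remove rule, count 1
"""

# timestamp, host, program (optional [pid]), message
SYSLOG_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$"
)


def summarize_ipfw_noise(log_text, per_second_threshold=3):
    """Return (per_message_counts, noisy_seconds).

    per_message_counts: Counter of ipfw kernel messages, with the varying
    'count N' normalised so repeats aggregate; noisy_seconds: timestamps in
    which at least per_second_threshold such messages were logged.
    """
    per_message = Counter()
    per_second = Counter()
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts, _host, prog, msg = m.groups()
        # Only kernel lines from ipfw; sendmail and other daemons are skipped.
        if prog != "kernel" or not msg.startswith("ipfw:"):
            continue
        text = msg[len("ipfw:"):].strip()
        key = re.sub(r"count \d+", "count N", text)
        per_message[key] += 1
        per_second[ts] += 1
    noisy = sorted(t for t, n in per_second.items() if n >= per_second_threshold)
    return per_message, noisy


if __name__ == "__main__":
    counts, noisy = summarize_ipfw_noise(SAMPLE_LOG)
    for message, n in counts.most_common():
        print(f"{n:5d}  {message}")
    print("bursts at:", ", ".join(noisy) or "none")
```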