From owner-freebsd-stable@FreeBSD.ORG Fri Jun 15 16:17:44 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (unknown [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AFECD1065672 for ; Fri, 15 Jun 2012 16:17:44 +0000 (UTC) (envelope-from prabhpal@digital-infotech.net) Received: from mail.digital-infotech.net (mail.digital-infotech.net [41.211.25.193]) by mx1.freebsd.org (Postfix) with ESMTP id 4DF188FC12 for ; Fri, 15 Jun 2012 16:17:44 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.digital-infotech.net (Postfix) with ESMTP id CC6112E404A for ; Fri, 15 Jun 2012 16:17:06 +0000 (GMT) Received: from mail.digital-infotech.net ([127.0.0.1]) by localhost (mail.digital-infotech.net [127.0.0.1]) (maiad, port 10024) with ESMTP id 01595-03 for ; Fri, 15 Jun 2012 16:17:06 +0000 (GMT) Received: from mail.digital-infotech.net (localhost [127.0.0.1]) by mail.digital-infotech.net (Postfix) with ESMTP id B0CF42E4017 for ; Fri, 15 Jun 2012 16:17:06 +0000 (GMT) X-DKIM: OpenDKIM Filter v2.5.0 mail.digital-infotech.net B0CF42E4017 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digital-infotech.net; s=digital; t=1339777026; bh=j0HwxurULA/ryU0DxYv3TxPkpcfHcXyAfG+1hGJPzGM=; h=Date:Subject:From:To:Reply-To; b=gzIHzI00wRk7qWdPGriHqlvLHf8xHEwyjiJECG8zMUVwb6hTo9K9V1p8SLsBMKCBo 4XyJgdh5os00IUesc5XvMfP4O8nokP9T3afe199J6i5v4QS19hcXR9hGji+OZw4hXg sYLgaKT1qoRES7AW1F/j/LkHA1VDz6hyf6lLs6Jc= Received: from 41.211.25.192 (SquirrelMail authenticated user prabhpal@digital-infotech.net) by mail.digital-infotech.net with HTTP; Fri, 15 Jun 2012 16:17:06 -0000 Message-ID: <4360846ab93b3a2b1968ee0f262cf148.squirrel@mail.digital-infotech.net> Date: Fri, 15 Jun 2012 16:17:06 -0000 From: "Shiv. Nath" To: freebsd-stable@FreeBSD.ORG User-Agent: SquirrelMail/1.4.22 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: Subject: PF to Preventing SMTP Brute Force Attacks X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: prabhpal@digital-infotech.net List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jun 2012 16:17:44 -0000 Hi FreeBSD Gurus, i want to use PF to Preventing SMTP Brute Force Attacks. i need some help to understand correct syntax. URL Explaining this: http://www.openbsd.org/faq/pf/filter.html#stateopts i expect the following behavior from the PF rule below: Limit the absolute maximum number of states that this rule can create to 200 Enable source tracking; limit state creation based on states created by this rule only Limit the maximum number of nodes that can simultaneously create state to 100 Limit the maximum number of simultaneous states per source IP to 3 Solution: int0="em0" trusted_tcp_ports="{22,25,443,465}" pass in on $int0 proto tcp from any to any port $trusted_tcp_ports keep state max 200, source-track rule, max-src-nodes 100, max-src-states 3 please help .. Thanks / Regards