Date: Wed, 29 Mar 2017 13:06:01 -0700
From: "Chris H" <bsd-lists@bsdforge.com>
To: "FreeBSD pf" <freebsd-pf@freebsd.org>
Subject: When should I worry about performance tuning?
Message-ID: <ee6734e6caa6591c051c1d4ff66e9937@ultimatedns.net>

OK. My association with FreeBSD has made me a prime target for every male hormone distributor on the net. Fact is; I can guarantee ~89 SPAM attempts in under 5 minutes, after creating a pr on bugzilla. At first I was angry, and frustrated. But decided to make it a challenge/contest, and see my way to thwarting their attacks.

Long story short; I think I'm on the right track; In just over a month, I've managed to trap just under 3 million (2,961,264) *bona fide* SPAM sources. I've been honing, and tuning my approach to ensure that there are zero false positives, and at the same time, make it more, and more efficient.

So now that I'm dropping packets from *so* many IPs I'm wondering if it's not time to better tune pf(4). I've never worked pf hard enough to do any more than create a table, and a few simple rules. But I think I need to do more. Here's the bulk of what I'm using now:

###################################
set loginterface re0
set block-policy drop
set fingerprints "/etc/pf.os"
scrub in all
set skip on lo0
antispoof quick for lo0
antispoof for re0 inet
table <spammers> persist file "/etc/SPAMMERS"
block in log quick on re0 proto tcp from <spammers> to port {smtp, submission, pop3, imap, imaps}
###################################

Would set optimization be warranted?

Any thoughts, or advice greatly appreciated!

--Chris