10.3-RELEASE-p21

I am trying to restrict woodpecker attempts to my mail server (stupid spamware regards rejects and a long banner as a challenge), and following advice on this list I used the following (the important bit, anyway):

    #
    # No more than 10/IP, or 5/m should be plenty.
    #
    pass inet proto tcp from any to any port smtp \
        flags S/SA keep state \
        (max-src-conn 10, max-src-conn-rate 5/60, \
        overload <woodpeckers> flush global)

And here is a sample log; I can see that the 10/IP works, but the 5/m does
not seem to be blocking the 10s attempts:

    Oct  1 09:40:44 aneurin sm-mta[73002]: v8UMeZml073002: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
    Oct  1 09:40:55 aneurin sm-mta[73003]: v8UMejQm073003: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
    Oct  1 09:41:06 aneurin sm-mta[73004]: v8UMeuVT073004: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
    Oct  1 09:41:17 aneurin sm-mta[73005]: v8UMf6gp073005: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
    Oct  1 09:41:28 aneurin sm-mta[73006]: v8UMfH58073006: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
    Oct  1 09:41:40 aneurin sm-mta[73007]: v8UMfTfK073007: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
    Oct  1 09:41:52 aneurin sm-mta[73008]: v8UMfgXH073008: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
    Oct  1 09:42:03 aneurin sm-mta[73010]: v8UMfrxc073010: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
    Oct  1 09:42:14 aneurin sm-mta[73011]: v8UMg4x4073011: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
    Oct  1 09:42:25 aneurin sm-mta[73012]: v8UMgFNw073012: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4

What have I done wrong?  Does max-src-conn-rate actually work?

--
Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will suffer."
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
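
Added example, not part of the original post: a sliding-window count over the log entries above, to compare the logged cadence with the 5/60 figure in the rule. It assumes each sm-mta entry corresponds to one TCP connection and uses the log time (written when the session ends) as a stand-in for connection time; it is a plain count, not pf's internal rate accounting, and the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LIMIT, WINDOW = 5, 60  # same numbers as max-src-conn-rate 5/60 in the rule
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sm-mta\[\d+\]: \S+ "
                     r"\[([0-9A-Fa-f.:]+)\] did not issue MAIL/EXPN/VRFY/ETRN")

def parse(line, year=2000):
    """Return (timestamp, source_ip), or None if the line does not match.
    syslog omits the year, so `year` is an arbitrary assumed value."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def rate_violations(lines, limit=LIMIT, window=WINDOW):
    """List (timestamp, ip, count) for every logged connection that is the
    (limit+1)th or later from that IP within the trailing `window` seconds."""
    recent, hits = defaultdict(deque), []
    for parsed in filter(None, map(parse, lines)):
        ts, ip = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window:
            q.popleft()  # drop entries that fell out of the window
        if len(q) > limit:
            hits.append((ts, ip, len(q)))
    return hits

# The ten entries from the post, with the wrapped lines rejoined.
SAMPLE_LOG = """\
Oct  1 09:40:44 aneurin sm-mta[73002]: v8UMeZml073002: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct  1 09:40:55 aneurin sm-mta[73003]: v8UMejQm073003: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct  1 09:41:06 aneurin sm-mta[73004]: v8UMeuVT073004: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct  1 09:41:17 aneurin sm-mta[73005]: v8UMf6gp073005: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct  1 09:41:28 aneurin sm-mta[73006]: v8UMfH58073006: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct  1 09:41:40 aneurin sm-mta[73007]: v8UMfTfK073007: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct  1 09:41:52 aneurin sm-mta[73008]: v8UMfgXH073008: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct  1 09:42:03 aneurin sm-mta[73010]: v8UMfrxc073010: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct  1 09:42:14 aneurin sm-mta[73011]: v8UMg4x4073011: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct  1 09:42:25 aneurin sm-mta[73012]: v8UMgFNw073012: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
""".splitlines()

if __name__ == "__main__":
    for ts, ip, n in rate_violations(SAMPLE_LOG):
        print(f"{ts:%H:%M:%S} {ip}: {n} connections in the last {WINDOW}s (limit {LIMIT})")
```

By this count the trailing 60 seconds holds six logged connections from the 09:41:40 entry onward.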