On 01/10/16 12:40, Gianluca D.Muscelli wrote:
> Hi, I do not understand, I'm blocking some IP with these PF rules:
> [ ... ]
> pass in quick on egress proto tcp \
> from <spamd> \
> to (egress) port smtp \
> rdr-to 127.0.0.1 port spamd
> pass out quick on egress proto tcp to any port smtp
> block return in quick from <blacklist> to any

The traffic matches the first quick rule here, and the blacklist
reference rule is never evaluated. Remove the 'quick's or move the
blacklist check to somewhere earlier in your config.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
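
The evaluation order described in the reply, as an added example that is not part of the original thread: a simplified Python model of pf's rule matching (last match wins, `quick` stops evaluation) applied to the three posted rules and to both suggested fixes. The table contents and addresses are constructed, and the model ignores interface, protocol and redirection details.

```python
# Simplified model of pf rule evaluation (added example, not pf itself):
# rules are read top to bottom, the last matching rule decides, and a
# matching rule marked "quick" stops evaluation immediately.

# Constructed table contents (assumption): .25 is in both tables, .7 only in <spamd>.
TABLES = {"spamd": {"203.0.113.25", "198.51.100.7"},
          "blacklist": {"203.0.113.25"}}

def rule(action, direction, src=None, dport=None, quick=False):
    return {"action": action, "dir": direction, "src": src,
            "dport": dport, "quick": quick}

def matches(r, pkt):
    if r["dir"] != pkt["dir"]:
        return False
    if r["src"] is not None and pkt["src"] not in TABLES[r["src"]]:
        return False
    return r["dport"] is None or r["dport"] == pkt["dport"]

def evaluate(ruleset, pkt):
    """Return (action, index of the deciding rule); with no match pf passes."""
    verdict = ("pass", None)
    for i, r in enumerate(ruleset):
        if matches(r, pkt):
            verdict = (r["action"], i)
            if r["quick"]:
                break  # quick: no later rule is looked at
    return verdict

# The three rules from the post, in the posted order.
ORIGINAL = [
    rule("pass", "in", src="spamd", dport=25, quick=True),   # rdr-to spamd
    rule("pass", "out", dport=25, quick=True),
    rule("block", "in", src="blacklist", quick=True),
]
NO_QUICK = [dict(r, quick=False) for r in ORIGINAL]        # fix 1: drop 'quick'
REORDERED = [ORIGINAL[2], ORIGINAL[0], ORIGINAL[1]]        # fix 2: block first

def smtp_in(src):
    """Constructed inbound SMTP connection from src."""
    return {"dir": "in", "src": src, "dport": 25}

if __name__ == "__main__":
    for name, rs in [("original", ORIGINAL), ("no quick", NO_QUICK),
                     ("reordered", REORDERED)]:
        print(name, evaluate(rs, smtp_in("203.0.113.25")),
              evaluate(rs, smtp_in("198.51.100.7")))
```

In the posted order the blacklisted address is passed by rule 0 and the block rule is never reached; with either fix it is blocked, while an address that is only in `<spamd>` is still passed by the spamd rule.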