Hello Brian, On Wed, May 27, 2020 at 02:35:46PM -0400, Brian Brombacher wrote: > What do you do with <smtp> table in other rules? If you’re doing nothing, > you need to do something like block additional connections, or adjust the > pass rule to include from ! <smtp>
You're right. I forgot to mention I have these lines before: table <smtp> persist file "/path/to/smtp.txt" block in log quick inet proto tcp from <smtp> to any port { smtp smtps } > > Run: pfctl -t smtp -T show > > Does it show the offending IP? If so, the rule worked as you defined it. > > I run a cron script that parses my log files and also add the offending IPs to that table. To be sure the max-src-conn-rate adds those IPs to the table I'll have to create an alternative table just to test.