Hello Brian,
On Wed, May 27, 2020 at 02:35:46PM -0400, Brian Brombacher wrote:
> What do you do with <smtp> table in other rules? If you’re doing nothing,
> you need to do something like block additional connections, or adjust the
> pass rule to include from ! <smtp>

You're right. I forgot to mention I have these lines before:

    table <smtp> persist file "/path/to/smtp.txt"
    block in log quick inet proto tcp from <smtp> to any port { smtp smtps }

>
> Run: pfctl -t smtp -T show
>
> Does it show the offending IP? If so, the rule worked as you defined it.
>
>
I run a cron script that parses my log files and also adds the offending
IPs to that table. To be sure the max-src-conn-rate adds those IPs to
the table, I'll have to create an alternative table just to test.
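
One way to set up the test described in the last paragraph, as an added example that is not part of the original message: a second table that only the overload action writes to, so its contents cannot come from the cron script. The table name <smtp_test>, the "egress" interface group and the 5/60 rate are assumptions, since the thread does not show the actual pass rule.

```conf
# Added example, not from the thread. <smtp_test>, "egress" and the
# 5/60 rate are assumed values; adjust them to the real ruleset.

# Existing table, fed from the file and by the cron script.
table <smtp> persist file "/path/to/smtp.txt"

# Test table: nothing but the overload action below adds to it.
table <smtp_test> persist

# Block both tables before the pass rule is evaluated.
block in log quick inet proto tcp from <smtp> to any port { smtp smtps }
block in log quick inet proto tcp from <smtp_test> to any port { smtp smtps }

# A source opening more than 5 connections in 60 seconds is added to
# <smtp_test>; "flush global" also removes the states it already holds.
pass in on egress inet proto tcp from any to any port { smtp smtps } \
    keep state (max-src-conn-rate 5/60, overload <smtp_test> flush global)

# After reloading the ruleset:
#   pfctl -nf /etc/pf.conf         syntax check only, loads nothing
#   pfctl -t smtp_test -T show     addresses added by the overload action
#   pfctl -t smtp -T show          addresses from the file and the cron script
```

An address that shows up in <smtp_test> can only have been put there by max-src-conn-rate, which separates the rule's effect from the log-parsing script's.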