Keep in mind that with operations using pfctl, such as reloading the rule set or a table from 
a file, any IPs caught in the smtp table by the max-src-conn-rate will be 
flushed, depending on your command line.


> On May 27, 2020, at 4:29 PM, Walter Alejandro Iglesias <w...@roquesor.com> 
> wrote:
> 
> Hello Brian,
> 
>> On Wed, May 27, 2020 at 02:35:46PM -0400, Brian Brombacher wrote:
>> What do you do with the <smtp> table in other rules?  If you're doing nothing, 
>> you need to do something like block additional connections, or adjust the 
>> pass rule to include from ! <smtp>
> 
> You're right.  I forgot to mention I have these lines before:
> 
>  table <smtp> persist file "/path/to/smtp.txt"
>  block in log quick inet proto tcp from <smtp> to any port { smtp smtps }
> 
>> 
>> Run: pfctl -t smtp -T show
>> 
>> Does it show the offending IP?  If so, the rule worked as you defined it.
>> 
>> 
> 
> I run a cron script that parses my log files and also adds the offending
> IPs to that table.  To be sure the max-src-conn-rate adds those IPs to
> the table I'll have to create an alternative table just to test.
> 
> 

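As an added example (not code from the thread), one way to keep the entries that max-src-conn-rate overloaded into `<smtp>` from being lost on a ruleset reload: dump the live table, merge it into the persisted file, then run `pfctl -f`. The table file path is the one quoted above; the pf.conf path, the function names and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Preserve overload entries in the
# <smtp> table across a reload by merging the live table into the
# persisted file first. Paths other than smtp.txt are assumptions.

TABLE="smtp"
TABLE_FILE="/path/to/smtp.txt"   # from the quoted 'table <smtp> persist file' line
PF_CONF="/etc/pf.conf"           # assumed location of the ruleset

# merge_entries PERSISTED_FILE LIVE_DUMP
# Prints the union of the addresses in the persisted file and in a dump
# produced by 'pfctl -t smtp -T show' (which indents each address).
# Leading/trailing whitespace, comment lines and blank lines are dropped;
# duplicates collapse via sort -u.
merge_entries() {
  cat "$1" "$2" 2>/dev/null \
    | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
    | grep -v -e '^#' -e '^$' \
    | sort -u
}

# count_entries FILE: number of address lines in a table file (sanity check)
count_entries() {
  merge_entries "$1" /dev/null | wc -l | tr -d ' '
}

# reload_keeping_overloads: must run as root on the pf host; not run here.
# 1. dump the live table (includes addresses added by max-src-conn-rate)
# 2. merge it into the persisted file so the reload re-adds them
# 3. reload the ruleset, then show the table to confirm nothing was flushed
reload_keeping_overloads() {
  tmp=$(mktemp) || return 1
  pfctl -t "$TABLE" -T show > "$tmp" || { rm -f "$tmp"; return 1; }
  merged=$(merge_entries "$TABLE_FILE" "$tmp")
  printf '%s\n' "$merged" > "$TABLE_FILE"
  rm -f "$tmp"
  pfctl -f "$PF_CONF" || return 1
  pfctl -t "$TABLE" -T show
}
```

Addresses added only by your cron script are already in the file, so the merge only matters for the dynamically overloaded ones.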