Keep in mind that with pfctl operations such as reloading the rule set or a table from file, any IPs caught in the smtp table by max-src-conn-rate will be flushed, depending on your command line.
> On May 27, 2020, at 4:29 PM, Walter Alejandro Iglesias <w...@roquesor.com> wrote:
>
> Hello Brian,
>
>> On Wed, May 27, 2020 at 02:35:46PM -0400, Brian Brombacher wrote:
>> What do you do with <smtp> table in other rules? If you're doing nothing,
>> you need to do something like block additional connections, or adjust the
>> pass rule to include from ! <smtp>
>
> You're right. I forgot to mention I have these lines before:
>
> table <smtp> persist file "/path/to/smtp.txt"
> block in log quick inet proto tcp from <smtp> to any port { smtp smtps }
>
>> Run: pfctl -t smtp -T show
>>
>> Does it show the offending IP? If so, the rule worked as you defined it.
>
> I run a cron script that parses my log files and also adds the offending
> IPs to that table. To be sure the max-src-conn-rate adds those IPs to
> the table I'll have to create an alternative table just to test.
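As an added illustration of the setup discussed in this thread (not code from either poster), here is a pf.conf fragment that keeps the cron-fed <smtp> table separate from a second table written only by max-src-conn-rate, so the overload mechanism can be verified on its own and a rule-set reload does not silently discard what it caught. The interface group, the rate limit and the file path are assumptions.

```pf
# Added example, not from the thread. Assumed: "egress" interface group,
# limit of 5 connections per 30 s, file path /path/to/smtp.txt.

# Table fed by the cron script. Its contents are reloaded from the file on
# every "pfctl -f /etc/pf.conf", which drops anything added at run time.
table <smtp> persist file "/path/to/smtp.txt"

# Separate table that only max-src-conn-rate writes to, so it is easy to
# confirm the overload mechanism works independently of the cron script.
table <smtp_overload> persist

# Block both tables ahead of the pass rule; "quick" stops evaluation here.
block in log quick inet proto tcp from <smtp> to any port { smtp smtps }
block in log quick inet proto tcp from <smtp_overload> to any port { smtp smtps }

# Sources exceeding the rate are added to <smtp_overload> and all of their
# existing states are killed (flush global).
pass in log on egress inet proto tcp to any port { smtp smtps } \
    keep state (max-src-conn-rate 5/30, overload <smtp_overload> flush global)

# Checks, typed at the shell:
#   pfctl -t smtp_overload -T show    # IPs caught by the rate limit alone
#   pfctl -t smtp_overload -T flush   # clear them after testing
# Preserve run-time additions to <smtp> before reloading the rule set:
#   pfctl -t smtp -T show > /path/to/smtp.txt && pfctl -f /etc/pf.conf
```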