On Thu, 07 Oct 2004 09:55:26 +0200, Cedric Berger <[EMAIL PROTECTED]> wrote:

> i.t Consulting wrote:
> > # pfctl -vvsr
> > @16 block drop in log quick on rl0 proto tcp from <bloecke.port25:*> to any port = smtp
> >   [ Evaluations: 13        Packets: 0         Bytes: 0           States: 0 ]
>
> The ":*" after bloecke.port25 means the table does not exist.
> Otherwise, the number after the ":" would tell you how many
> addresses are currently in it.
>
> Cedric
For example:

$ sudo pfctl -vvsr
. . .
  [ Evaluations: 961075    Packets: 213111    Bytes: 76349669    States: 0 ]
@34 block drop in log quick proto tcp from <PDL:10994> to any port = smtp
. . .

This is my primary mail server rejecting SMTP sessions from hosts listed in the Pan-Am DUL (http://www.pan-am.ca/pdl/). The first field of each line in the list is an IP address or subnet in CIDR notation, so it's easy to just pass the list through cut and then reload the table from a file. I have never encountered a false positive in my six months of using the PDL. YMMV.

Kevin

(P.S. As counters are cleared when the pf ruleset is changed, the counters above are just one month's attempts.)
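An added example (not code from the thread) of the cut-then-reload step Kevin describes, as a POSIX shell script; the table name PDL, the file paths and the sample list are assumptions, and it assumes pf.conf already declares the table with persist so the rule never shows <PDL:*>:

```shell
#!/bin/sh
# Added example, not code from the thread: clean a DUL-style list whose first
# field is an IPv4 address or CIDR prefix and load it into a pf table.
# Assumed: table name PDL and file paths are placeholders; pf.conf declares
# "table <PDL> persist" so the table exists (and survives being emptied)
# before the rule "block ... from <PDL> to any port = smtp" references it.

# Constructed sample in the format the thread describes (first field is the
# address or subnet, the rest is free text); these are documentation ranges,
# not real PDL data.
SAMPLE_LIST='# comment line
192.0.2.0/24 example-dynamic-pool-1
198.51.100.17    single-host entry, extra spaces
not-an-address junk that must never reach the table
203.0.113.128/25 example-dynamic-pool-2
'

# Read the list on stdin and print one address or prefix per line.
# Comments and blank lines are dropped, runs of blanks collapsed so cut sees
# a single separator, and anything that is not an IPv4 address/prefix is
# rejected rather than passed to pfctl, where one bad line aborts the load.
extract_cidrs() {
    grep -v '^[[:blank:]]*#' | grep -v '^[[:blank:]]*$' \
    | sed 's/^[[:blank:]]*//' | tr -s '[:blank:]' ' ' \
    | cut -d ' ' -f 1 \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Write the cleaned list to a file, replace the table contents from it when
# pfctl is present, and print the number of entries written.
reload_table() {
    table=$1
    file=$2
    extract_cidrs > "$file"
    if command -v pfctl >/dev/null 2>&1; then
        # -T replace swaps the whole table in one operation; afterwards
        # "pfctl -vvsr" shows <PDL:n> (n = address count) instead of <PDL:*>.
        pfctl -t "$table" -T replace -f "$file"
    fi
    wc -l < "$file" | tr -d ' '
}

# Typical use once the list has been fetched to a local file:
# reload_table PDL /etc/pf.pdl.table < /tmp/pdl.txt
```

Run "pfctl -t PDL -T show" afterwards to confirm the addresses actually landed in the table.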
