Hi, I do not understand, I'm blocking some IP with these PF rules:

table <spamd> persist
table <spamd-white> persist
table <blacklist> persist file "/var/db/blacklist"

block in log

block in quick from urpf-failed label uRPF

pass out all modulate state

pass in quick inet proto icmp icmp-type { echoreq, unreach }

pass in quick on egress proto tcp \
      from <spamd-white>  \
      to (egress) port smtp \
      flags S/SA modulate state

pass in quick on egress proto tcp \
      from <spamd> \
      to (egress) port smtp \
      rdr-to 127.0.0.1 port spamd

pass out quick on egress proto tcp to any port smtp

block return in quick from <blacklist> to any


I add IPs with pfctl -t blacklist -T add 119.81.219.7 or by editing the
file, then I reload the table with:  pfctl -t blacklist -T replace -f
/var/db/blacklist
But these IPs continue to connect again...

Jan 10 11:57:48 server spamd[7762]: (BLACK) 119.81.219.7: <[email protected]> -> <[email protected]>
Jan 10 11:59:33 server spamd[7762]: 119.81.219.7: To: [email protected]
Jan 10 11:59:33 server spamd[7762]: 119.81.219.7: Subject: Your PayPal account has been limited
Jan 10 11:59:33 server spamd[7762]: 119.81.219.7: From: "PayPal" <[email protected]>
Jan 10 12:00:49 server spamd[7762]: 119.81.219.7: disconnected after 390 seconds. lists: uatraps blacklist

I don't understand, this address should no longer be able to connect to the
system?

Gianluca
