Netgate Discussion Forum

    Any logging for max new connections?

      biggsy

      I've set a max new connections limit on the WAN rule that forwards SMTP traffic to the Postfix forwarder package.

      Without logging turned on for the whole rule, should I expect to see anything in the logs to say that an IP address has been blocked for exceeding that limit?

        podilarius

        Well, I think there is, and it should be handled by the default rule logging. Why don't you set max new connections to 1, load the page from a couple of places, and then check the logs?

          biggsy

          Thanks, podilarius. Just now I tested it using a couple of those "Check your mail server security" sites.

          They both got disconnected after a few hits and their IPs appeared in the virusprot table. No log entries, though.

          I have "Log packets blocked by the default rule" disabled. There's too much noise generated by that.

          I was really only asking so I could have something to look for in the logs and confirm that I had won at least one battle in the war.

          My other alternative was to use Postfix's smtpd_client_connection_rate_limit, but I'd rather these spammers didn't even get that far.

          Thanks again.

          biggsy

            podilarius

            I don't know about logging, but I do know it works, as you have tested. I used it in Linux and also in pfSense. I actually had mine too restrictive and people were losing connection to my web server.
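
Since the thread found that offending IPs land in the virusprot table without any log entry, one way to get something to look for in the logs is to watch that table and write new entries to syslog. This is an added example, not part of the thread and not pfSense's own code; the state file path, the syslog tag and the `--run`/`--demo` switches are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): log addresses newly added to pf's
# overload table, so rate-limit blocks leave a syslog trail.
TABLE="virusprot"                           # table named in the thread
STATE="${STATE:-/var/tmp/virusprot.seen}"   # assumption: state file path

# Strip pfctl's indentation, drop blank lines, sort for comm(1).
normalize() {
    tr -d ' \t' | sed '/^$/d' | LC_ALL=C sort -u
}

# new_entries PREV CUR: print addresses present in CUR but not in PREV.
new_entries() {
    ne_prev=$(mktemp /tmp/vp.prev.XXXXXX)
    ne_cur=$(mktemp /tmp/vp.cur.XXXXXX)
    normalize < "$1" > "$ne_prev"
    normalize < "$2" > "$ne_cur"
    LC_ALL=C comm -13 "$ne_prev" "$ne_cur"
    rm -f "$ne_prev" "$ne_cur"
}

# Take one snapshot of the live table and log whatever is new since last run.
poll_once() {
    snap=$(mktemp /tmp/vp.snap.XXXXXX)
    if ! pfctl -t "$TABLE" -T show > "$snap" 2>/dev/null; then
        rm -f "$snap"
        return 1
    fi
    [ -f "$STATE" ] || : > "$STATE"
    new_entries "$STATE" "$snap" | while read -r ip; do
        logger -t "$TABLE" "source added to overload table: $ip"
    done
    mv "$snap" "$STATE"
}

# Offline demonstration on constructed snapshots (documentation addresses).
demo() {
    d=$(mktemp -d /tmp/vp.demo.XXXXXX)
    printf '   192.0.2.10\n' > "$d/prev"
    printf '   192.0.2.10\n   203.0.113.25\n' > "$d/cur"
    new_entries "$d/prev" "$d/cur"
    rm -rf "$d"
}

case "${1:-}" in
    --run)  poll_once ;;   # e.g. from cron on the firewall
    --demo) demo ;;        # prints the one new constructed address
esac
```

An address that is added to and removed from the table between two runs is not seen, so the polling interval bounds what this can report.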

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.