4. Any logging for max new connections?

Any logging for max new connections?

  • B

    I've set a max new connections limit on the WAN rule that forwards smtp traffic to the Postfix forwarder package.

    Without logging turned on for the whole rule, should I expect to see anything in the logs to say that an IP address has been blocked for exceeding that limit?

    0
  • P

    Well I think there is, and it should be handled by the default rule logging. Why don't you set max new connections to 1 and load the page from a couple of places and then check the logs.

    0
  • B

    Thanks podilarius.  Just now I tested it using a couple of those "Check your mail server security" sites.

    They both got disconnected after a few hits and their IPs appeared in the virusprot table.  No log entries though.

    I have Log packets blocked by the default rule disabled.  There's too much noise generated by that.

    I was really only asking so I could have something to look for in the logs and confirm that I had won at least one battle in the war.

    My other alternative was to use Postfix's smtpd_client_connection_rate_limit but I'd rather these spammers didn't even get that far.

    Thanks again.

    biggsy

    0
  • P

    I don't know about logging, but I do know it works. As you have tested.  I used it in linux and also in pfsense. I actually had mine to restrictive and people where loosing connection to my web server.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy