Any logging for max new connections?



  • I've set a max new connections limit on the WAN rule that forwards smtp traffic to the Postfix forwarder package.

    Without logging turned on for the whole rule, should I expect to see anything in the logs to say that an IP address has been blocked for exceeding that limit?



  • Well I think there is, and it should be handled by the default rule logging. Why don't you set max new connections to 1 and load the page from a couple of places and then check the logs.



  • Thanks podilarius.  Just now I tested it using a couple of those "Check your mail server security" sites.

    They both got disconnected after a few hits and their IPs appeared in the virusprot table.  No log entries though.

    I have Log packets blocked by the default rule disabled.  There's too much noise generated by that.

    I was really only asking so I could have something to look for in the logs and confirm that I had won at least one battle in the war.

    My other alternative was to use Postfix's smtpd_client_connection_rate_limit but I'd rather these spammers didn't even get that far.

    Thanks again.

    biggsy



  • I don't know about logging, but I do know it works. As you have tested.  I used it in linux and also in pfsense. I actually had mine to restrictive and people where loosing connection to my web server.


Locked