Any logging for max new connections?
I've set a max new connections limit on the WAN rule that forwards smtp traffic to the Postfix forwarder package.
Without logging turned on for the whole rule, should I expect to see anything in the logs to say that an IP address has been blocked for exceeding that limit?
Well I think there is, and it should be handled by the default rule logging. Why don't you set max new connections to 1 and load the page from a couple of places and then check the logs.
Thanks podilarius. Just now I tested it using a couple of those "Check your mail server security" sites.
They both got disconnected after a few hits and their IPs appeared in the virusprot table. No log entries though.
I have Log packets blocked by the default rule disabled. There's too much noise generated by that.
I was really only asking so I could have something to look for in the logs and confirm that I had won at least one battle in the war.
My other alternative was to use Postfix's smtpd_client_connection_rate_limit but I'd rather these spammers didn't even get that far.
I don't know about logging, but I do know it works. As you have tested. I used it in linux and also in pfsense. I actually had mine to restrictive and people where loosing connection to my web server.