When should I worry about performance tuning?

Chris H bsd-lists at bsdforge.com
Wed Mar 29 20:05:14 UTC 2017


OK. My association with FreeBSD has made me a prime
target for every male hormone distributor on the net.
Fact is, I can guarantee ~89 SPAM attempts in under 5
minutes, after creating a PR on bugzilla. At first I
was angry, and frustrated. But I decided to make it a
challenge/contest, and see my way to thwarting their
attacks. Long story short: I think I'm on the right
track. In just over a month, I've managed to trap
just under 3 million (2,961,264) *bona fide* SPAM sources.
I've been honing, and tuning my approach to ensure that
there are zero false positives, and at the same time,
make it more, and more efficient.
So now that I'm dropping packets from *so* many IPs
I'm wondering if it's not time to better tune pf(4).
I've never worked pf hard enough to do any more than
create a table, and a few simple rules. But I think I
need to do more.
Here's the bulk of what I'm using now:

###################################
set loginterface re0
set block-policy drop
set fingerprints "/etc/pf.os"
scrub in all
set skip on lo0
antispoof quick for lo0
antispoof for re0 inet

table <spammers> persist file "/etc/SPAMMERS"
block in log quick on re0 proto tcp from <spammers> to port {smtp, submission, pop3, imap, imaps}
###################################

Would set optimization be warranted?
Any thoughts, or advice greatly appreciated!

--Chris
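
An added example, not part of the original post: a pre-processing pass over a table file such as `/etc/SPAMMERS` that merges duplicates and exactly adjacent blocks (so no unlisted address is ever covered) and emits the `set limit table-entries` line the resulting count needs. The 200000 default and the 25% headroom are assumptions; check the live limit with `pfctl -sm`.

```python
import ipaddress

# Assumption: pf's stock ceiling on addresses held in tables; confirm with `pfctl -sm`.
PF_DEFAULT_TABLE_ENTRIES = 200000

# Constructed sample in the one-entry-per-line layout of a pf table file.
SAMPLE = """\
# constructed entries from documentation ranges
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
198.51.100.7
198.51.100.7      # duplicate
203.0.113.0/25
203.0.113.128/25
2001:db8::1
not-an-ip
"""

def parse_table_file(text):
    """Return (networks, rejected); rejected holds (line_no, entry) for manual review."""
    nets, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # Strict parsing: an entry with host bits set is rejected, not widened.
            nets.append(ipaddress.ip_network(entry))
        except ValueError:
            rejected.append((line_no, entry))
    return nets, rejected

def collapse(nets):
    """Merge duplicates and exactly adjacent blocks; never covers an unlisted address."""
    out = []
    for version in (4, 6):
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return out

def limit_line(count, default=PF_DEFAULT_TABLE_ENTRIES):
    """pf.conf line raising table-entries with 25% headroom, or None if the default fits."""
    needed = count + count // 4
    return f"set limit table-entries {needed}" if needed > default else None

if __name__ == "__main__":
    nets, rejected = parse_table_file(SAMPLE)
    for net in collapse(nets):
        print(net)
    print(limit_line(2961264))  # entry count quoted in the post
```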



