I've used bruteblock, which manages ipfw, for blocking SMTP attackers and reducing smtp connects by 10s of 1000s per day. But bruteblock, which hasn't moved in 3 years, logged a lot of errors like "failed to <ip> ..." which didn't seem to bother its effectiveness, but was concerning, and ugly. Anybody know of anything similar for pf? thanks Len