To show active NAT sessions: pfctl -s state
To show just those going to SMTP ports: pfctl -s state | awk '$7 ~ /:25$/'
Helpful to find outgoing NAT sessions that might be caused by a spambot like, oh, let's say maybe cutwail.
And to show all SMTP sessions, both directions:
pfctl -s state | awk '$7 ~ /:25$/||$3 ~ /:25$/'
No comments:
Post a Comment