bgpd.conf configuration
pf.conf configuration
spamd.conf configuration

Spamd-source Server
Coming soon

Route Server
bgpd.conf configuration
pf.conf configuration

Announce mailing list
Hosting is generously provided by


Route Server

Here we describe an example configuration for the Route Server. In it, we block all non-necessary connections, while allowing normal connections to the system.

The following pf.conf file is a sanitized version of the production configuration used by the reference server. IP addresses, and some limits are anonymized, but the rest is accurate.


set skip on lo
set skip on enc0

set block-policy return

block           # block stateless traffic

pass out proto { udp tcp } to port 53
pass out proto udp to port ntp

pass proto icmp
pass proto udp to port 33434:33534      # traceroute
pass proto tcp to port { smtp, ssh, http }

# Always allow connections to our peers
pass quick proto tcp from { $spamd_sources } to any port bgp
pass quick proto tcp from any to { $spamd_sources} port bgp

# Limit connections to one connection per client
pass in proto tcp to any port bgp \
        keep state (source-track rule, max-src-states 1, tcp.finwait 5)
© 2013-2017 Peter Hessler