Quick IPFW Question Concerning Sendmail
clemens fischer
ino-qc at spotteswoode.de.eu.org
Sun Apr 6 09:18:12 PDT 2003
Sereciya Kurdistani <sereciya at kurdistan.ath.cx>:
> vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
> ipfw add NNNN check-state
> ipfw add NNNN allow { udp or tcp } from any to any dst-port smtp,auth,smtps out via tun0 keep-state
> ipfw add NNNN allow log tcp from any to any dst-port smtp,smtps in via tun0
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> This way, you don't have to leave any ports open for incoming traffic not matched
> by the stateful rules ;)
Are you sure this does what you want? I don't see the customary
anti-spoofing rules, and there's a lot to be said for keeping state
especially on _incoming_ connections. If these are all your rules,
then what about incoming SMTP and AUTH on port 113?
I imagine your rules allow _you_ to query others for AUTH data,
but you don't allow others this privilege.
clemens
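The ruleset the reply is asking for, written out as an added example (this is not code from the original post or from either poster): anti-spoofing on the external interface, check-state ahead of the allow rules, and keep-state on incoming SMTP/SMTPS and AUTH (port 113) as well as on the outgoing side, so that remote MTAs can deliver mail and query AUTH without any port being left open statically. It assumes tun0 as the external interface (as in the quoted rules), a single mail host rather than a LAN behind it, and arbitrary rule numbers; only tcp is used, since SMTP, SMTPS and AUTH are TCP services. FWCMD defaults to /sbin/ipfw and can be set to echo for a dry run.

```shell
#!/bin/sh
# Added example, not from the freebsd-ipfw post: a small stateful ipfw
# ruleset for a mail host on a PPP link (external interface tun0).
# Assumptions: single host (no LAN behind it), arbitrary rule numbers.

FWCMD="${FWCMD:-/sbin/ipfw}"   # set FWCMD=echo to print instead of load
OIF="${OIF:-tun0}"             # external interface (hypothetical)

fw_rules() {
    $FWCMD -q flush
    # loopback traffic, and nothing claiming to be loopback on a real wire
    $FWCMD add 100 allow ip from any to any via lo0
    $FWCMD add 110 deny ip from any to 127.0.0.0/8
    $FWCMD add 120 deny ip from 127.0.0.0/8 to any
    # anti-spoofing: our own and private addresses must not arrive from outside
    $FWCMD add 200 deny log ip from me to any in via "$OIF"
    $FWCMD add 210 deny log ip from 10.0.0.0/8 to any in via "$OIF"
    $FWCMD add 220 deny log ip from 172.16.0.0/12 to any in via "$OIF"
    $FWCMD add 230 deny log ip from 192.168.0.0/16 to any in via "$OIF"
    # packets belonging to a known flow match a dynamic rule here and stop
    $FWCMD add 1000 check-state
    # connections we originate: outgoing mail and our own AUTH queries
    $FWCMD add 1100 allow tcp from me to any dst-port smtp,smtps,auth out via "$OIF" setup keep-state
    # connections others originate: mail delivery to us, and their AUTH queries
    # (this is the part the quoted ruleset lacks: state on the incoming side)
    $FWCMD add 1200 allow log tcp from any to me dst-port smtp,smtps in via "$OIF" setup keep-state
    $FWCMD add 1210 allow tcp from any to me dst-port auth in via "$OIF" setup keep-state
    # everything else is logged and dropped
    $FWCMD add 65000 deny log ip from any to any
}

# Print the rules that fw_rules would load, without touching the kernel.
fw_dry_run() {
    ( FWCMD=echo; fw_rules )
}

case "${1:-}" in
    apply) fw_rules ;;
    *)     fw_dry_run ;;
esac
```

Run it with no argument to review the generated rules, then with `apply` to load them; after a connection has been made, `ipfw -d show` lists the dynamic rules created by the keep-state entries, which is the quickest way to confirm that incoming SMTP and AUTH are actually being tracked.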
More information about the freebsd-ipfw mailing list