ipf rules question
Erik Norgaard
norgaard at locolomo.org
Tue Jul 28 14:33:12 UTC 2009
Jay Hall wrote:
> And, following is the output from ipfstat showing the relevant rule(s).
>
> @140 block in quick proto tcp from 82.0.0.0/8 to any port = smtp
>
> If I am looking at everything correctly all traffic coming into the
> system from the 82.0.0.0/8 network to port 25 on the mail server
> should be blocked.
>
> What am I missing?

I can't tell you what you're missing, but we're missing the entire
story. Just because you have a block rule doesn't mean that things will
get blocked if you have a pass rule before. You need to post the entire
ruleset if you want help with that.

Evidently, things get passed by some other rule; you can get a clue by
adding the log action to all rules passing packets to port 25 or any port.

When adding new rules it is a good idea to add log statements so you can
debug. Once things work, remove them to reduce the noise.

BR, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157 http://www.locolomo.org
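
The ordering effect described in the reply above, as an added example that is not part of the original message: a small Python model of a subset of ipf rule evaluation, run on a constructed two-rule set in which an earlier pass rule shadows the quoted block rule. The parser, the earlier pass rule, the default policy and the source address are assumptions made for illustration.

```python
import ipaddress
import re

# Simplified subset of ipf rule syntax, enough for the rules discussed here.
RULE_RE = re.compile(
    r"(?P<action>pass|block) in (?P<log>log )?(?P<quick>quick )?proto tcp "
    r"from (?P<src>\S+) to any(?: port = (?P<port>\S+))?$"
)
SERVICES = {"smtp": 25}  # minimal name table so the example runs offline


def parse(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    src = "0.0.0.0/0" if m["src"] == "any" else m["src"]
    port = m["port"]
    if port is not None:
        port = SERVICES[port] if port in SERVICES else int(port)
    return {"action": m["action"], "log": bool(m["log"]), "quick": bool(m["quick"]),
            "src": ipaddress.ip_network(src), "port": port, "text": line.strip()}


def decide(rules, src_ip, dst_port, default="pass"):
    """Return (action, rule_number, logged) for one inbound TCP packet.

    ipf semantics: the last matching rule wins, except that a matching
    rule with 'quick' ends evaluation immediately. The default policy
    used when nothing matches is an assumption of this example.
    """
    action, number, logged = default, None, False
    for n, r in enumerate(rules, start=1):
        if ipaddress.ip_address(src_ip) not in r["src"]:
            continue
        if r["port"] is not None and r["port"] != dst_port:
            continue
        action, number, logged = r["action"], n, r["log"]
        if r["quick"]:
            break
    return action, number, logged


# Constructed ruleset: rule 1 is a hypothetical earlier pass rule, with 'log'
# added for debugging; rule 2 is the block rule quoted in the thread.
RULESET = [parse(l) for l in (
    "pass in log quick proto tcp from any to any port = 25",
    "block in quick proto tcp from 82.0.0.0/8 to any port = smtp",
)]

if __name__ == "__main__":
    print(decide(RULESET, "82.1.2.3", 25))  # constructed source address
```

The rule number and the logged flag in the result correspond to what the log action exposes on a live system: which rule actually decided the packet.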
More information about the freebsd-questions
mailing list