how to get IPFW rules for SMTP server behind NAT server "right"? (freebsd-security: message 1 of 20)

Dorin H bj93542 at yahoo.com
Sat Nov 22 17:14:18 PST 2003


<snip>
> <snip>
> 
> hadn't dawned on me to this, so:
> 
> ipfw add 7000 allow log tcp from any to ${smtp_server} 25 setup
> ipfw add 7001 allow tcp from any to ${smtp_server} 25 established
> ipfw add 7002 allow log tcp from ${smtp_server} 25 to any setup
> ipfw add 7003 allow tcp from ${smtp_server} 25 to any established
> 
> right?

Better with dynamic rules... you don't want any packet
directed to ${smtp_server} 25 going inside, just those
corresponding to a previously initiated connection
(dropping SYN will allow the packet to pass your
firewall, and it will not even be logged :))
2c.
/Dorin.
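The ruleset Dorin is pointing at, written out as an added example (this is not code from the thread or from FreeBSD's own rc.firewall): the posted static set next to a stateful replacement for a server behind an ipfw+natd gateway. The inside address 192.168.1.25, the outside interface fxp0, the rule numbers 6000/8000 and the natd redirect_port setup are assumptions for illustration; the IPFW variable exists only so the rules can be previewed with IPFW=echo instead of being loaded.

```sh
#!/bin/sh
# Added example, not from the thread.  Addresses, interface name and rule
# numbers below are assumptions; natd is assumed to run with
#   natd -redirect_port tcp 192.168.1.25:25 25
# so inbound SMTP on the public address is translated to the inside host.
IPFW="${IPFW:-/sbin/ipfw}"                   # IPFW=echo previews the rules
smtp_server="${smtp_server:-192.168.1.25}"   # inside (pre-NAT) address, assumed
ext_if="${ext_if:-fxp0}"                     # outside interface, assumed

# The posted ruleset.  'established' matches any TCP packet with ACK or RST
# set, so a packet to port 25 with SYN cleared passes 7001 from anywhere,
# and since only 7000 logs (and only sees SYNs) nothing records it.
static_rules() {
    $IPFW add 7000 allow log tcp from any to ${smtp_server} 25 setup
    $IPFW add 7001 allow tcp from any to ${smtp_server} 25 established
    $IPFW add 7002 allow log tcp from ${smtp_server} 25 to any setup
    $IPFW add 7003 allow tcp from ${smtp_server} 25 to any established
}

# Stateful replacement.  Inbound packets are translated by natd before the
# stateful rules and outbound packets after them, so every rule here sees
# the inside address of ${smtp_server} in both directions and the dynamic
# entry created by keep-state also matches the replies.
stateful_rules() {
    $IPFW add 6000 divert natd ip from any to any in via ${ext_if}
    $IPFW add 7000 check-state
    # New SMTP connections to the server: only the SYN is matched and
    # logged here; the rest of the session rides on the dynamic entry.
    $IPFW add 7001 allow log tcp from any to ${smtp_server} 25 setup keep-state
    # The server's own outbound SMTP (delivery to other MXs).
    $IPFW add 7002 allow log tcp from ${smtp_server} to any 25 setup keep-state
    # Anything else aimed at port 25 without state, which includes the
    # SYN-less probe the static set let through: drop it and log it.
    $IPFW add 7003 deny log tcp from any to ${smtp_server} 25
    $IPFW add 8000 divert natd ip from any to any out via ${ext_if}
}

# Nothing is loaded unless asked for: "sh thisfile stateful" installs the
# stateful set, "IPFW=echo sh thisfile stateful" just prints it.
case "${1:-}" in
    static)   static_rules ;;
    stateful) stateful_rules ;;
esac
```

The divert placement is the part that is easy to get wrong behind NAT: with inbound translation before check-state and outbound translation after keep-state, both directions of a connection are matched on the inside address, which is what the dynamic entry stores. If the single "divert natd all from any to any" form is used instead, one direction is seen with the public address and the state entry never matches the replies.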

