From owner-freebsd-questions  Tue Apr 17 15:46:12 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ns-exch05.jccc.net (ns-exch05.jccc.net [198.248.56.5])
	by hub.freebsd.org (Postfix) with ESMTP id 2B27A37B43F
	for <freebsd-questions@FreeBSD.ORG>; Tue, 17 Apr 2001 15:46:06 -0700 (PDT)
	(envelope-from ndunker@jccc.net)
Received: by ns-exch05 with Internet Mail Service (5.5.2653.19)
	id <HZT74XM7>; Tue, 17 Apr 2001 17:43:44 -0500
Message-ID: <C18E28011272D41180AD00B0D0496C0801C02169@ns-exch05>
From: Noah Dunker <ndunker@jccc.net>
To: "'michael@tenzo.com'" <michael@tenzo.com>,
	freebsd-questions@FreeBSD.ORG
Subject: RE: Three easy questions about ipfw...
Date: Tue, 17 Apr 2001 17:43:40 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

1) "No."  Block it on the external IP.

2) I'd say it's acceptable.  If your network doesn't change, make it static.

3) Again... There's no real rule on how to write your IPFW filters.
   Just run with what works, and have fun!

Noah Dunker
Systems Analyst/Technician
Johnson County Community College 



-----Original Message-----
From: Michael O'Henly [mailto:michael@tenzo.com]
Sent: Tuesday, April 17, 2001 5:43 PM
To: freebsd-questions@FreeBSD.ORG
Subject: Three easy questions about ipfw...


Hi...

1. If I'm running sendmail but use it for outgoing mail only, should I make 
port 25 open on the external interface? For instance, would my machine need 
to receive responses confirming that outgoing mail has been successfully 
delivered?

2. If I describe $onet as being equal to $oip, ipfw seems to be able to 
figure out the bitmask for $onet by looking at the netmask. (I know this 
because I can see what $onet is expanded to when I do a 'ipfw list'.) Is
this 
acceptable or should I be using something like:

	onet=`ifconfig rl0 | grep "inet " | awk '{print $2 "/23"}'`

3. If describing $onet as being equal to $oip _is_ acceptable, would it be 
more efficient to enter it as...

	onet=`ifconfig rl0 | grep "inet " | awk '{print $2}'`
	omask="255.255.254.0"
	oip=onet

Or better yet, to just replace all occurrences of $onet in rc.firewall with 
$oip?


Thanks.

M.

-- 
Michael O'Henly
TENZO Design

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message