Date: Sat, 22 Nov 2003 17:14:05 -0800 (PST)
From: Dorin H <bj93542@yahoo.com>
To: OpenMacNews <freebsd-security.20.openmacnews@spamgourmet.com>
Cc: freebsd-security@freebsd.org
Subject: Re: how to get IPFW rules for SMTP server behind NAT server "right"? (freebsd-security: message 1 of 20)
Message-ID: <20031123011405.80292.qmail@web12602.mail.yahoo.com>
In-Reply-To: <2147483647.1069419685@[172.30.11.6]>
<snip>
> <snip>
> hadn't dawned on me to this, so:
>
> ipfw add 7000 allow log tcp from any to ${smtp_server} 25 setup
> ipfw add 7001 allow tcp from any to ${smtp_server} 25 established
> ipfw add 7002 allow log tcp from ${smtp_server} 25 to any setup
> ipfw add 7003 allow tcp from ${smtp_server} 25 to any established
>
> right?

Better with dynamic rules... you don't want any packet directed to ${smtp_server} 25 going inside, just those corresponding to a previously initiated connection (dropping SYN will allow the packet to pass your firewall, and it will not even be logged :))

2c.

/Dorin.
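As an added illustration of Dorin's point (not code from the thread or from FreeBSD itself): a small generator that emits the static "established" ruleset quoted above next to a stateful keep-state/check-state version, so the two can be compared before loading either. The internal address 192.0.2.25 and the function names are assumptions; the ipfw keywords are standard.

```sh
#!/bin/sh
# Constructed example: ipfw rulesets for an SMTP server behind NAT.
smtp_server="${SMTP_SERVER:-192.0.2.25}"   # assumed internal mail host

# Static version, as quoted in the thread. "established" only tests TCP
# flags (ACK or RST set, i.e. no bare SYN), so any crafted non-SYN packet
# aimed at port 25 matches rule 7001 and is passed without being logged;
# no connection has to exist for it to get through.
weak_rules() {
    cat <<EOF
add 7000 allow log tcp from any to $1 25 setup
add 7001 allow tcp from any to $1 25 established
add 7002 allow log tcp from $1 25 to any setup
add 7003 allow tcp from $1 25 to any established
EOF
}

# Stateful version: only the initial SYN can open a connection (and is
# logged); keep-state records it and check-state admits later packets of
# that connection only. A stray ACK to port 25 matches no dynamic entry,
# falls through to rule 7003 and is denied and logged instead of passed.
# Outbound mail is matched on the remote port 25, the usual direction for
# a server sending mail (assumption, differs from the quoted rule 7002).
stateful_rules() {
    cat <<EOF
add 7000 check-state
add 7001 allow log tcp from any to $1 25 setup keep-state
add 7002 allow log tcp from $1 to any 25 setup keep-state
add 7003 deny log tcp from any to $1 25
EOF
}

# Number of rules in a ruleset that rely on the flag-only "established"
# match instead of dynamic state. Zero is what you want.
established_only_count() {
    "$1" "$2" | grep -c established || true
}

# Load a ruleset on a host that actually has ipfw (ipfw reads rules from
# a file given as its argument); skipped elsewhere so the script runs anywhere.
apply_rules() {
    f=$(mktemp) && "$1" "$2" > "$f"
    command -v ipfw >/dev/null 2>&1 && ipfw -q "$f"
    rm -f "$f"
}
```

Running `established_only_count weak_rules 192.0.2.25` reports 2, the stateful set reports 0.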