From owner-freebsd-ipfw Wed Jan 8 6:50:23 2003
Date: Wed, 8 Jan 2003 09:50:20 -0500
From: "Scott M. Nolde"
To: freebsd-ipfw@freebsd.org
Subject: Feature Request
Message-ID: <20030108145020.GA15778@smnolde.com>

Has there been consideration to make a "relative skip" function similar to skipto, where the number of rules are skipped relative to the rule itself?

E.g., "ipfw add skiprel 12 tcp from any to me 1234" would skip the next 12 ipfw rules or match the default rule if the skip would skip over the default rule.

Any comments?
--
Scott Nolde
GPG Key 0xD869AB48

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

From owner-freebsd-ipfw Wed Jan 8 14:32: 4 2003
Message-Id: <200301082231.JAA17004@lightning.itga.com.au>
From: Gregory Bond
To: "Scott M. Nolde"
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Feature Request
In-reply-to: Your message of Wed, 08 Jan 2003 09:50:20 -0500.
Date: Thu, 09 Jan 2003 09:31:43 +1100

> Has there been consideration to make a "relative skip" function
>
> Any comments?

Horrible idea. Rules can be added and deleted in the gap, which silently changes the meaning of your firewall ruleset. A maintenance nightmare.

And, as far as I can see, no redeeming features to compensate for the almost certain foot-shooting this would allow.
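
[Added illustration, not part of any message in this thread: a small Python model of the objection in the reply above, that rules added or deleted in the gap change where a relative skip lands. "skiprel" is the action proposed in this thread and does not exist in ipfw; its semantics are taken from the proposal, the skipto branch follows ipfw's documented behaviour, and all rule numbers and rule bodies are constructed.]

```python
# Added illustration. "skiprel" is the action proposed in this thread; it is
# not a real ipfw action. Rule numbers and rule bodies below are constructed.
DEFAULT_RULE = 65535  # ipfw's built-in final rule


def landing_rule(rules, skip_number):
    """Return the rule number where matching resumes after the skip rule
    numbered `skip_number` fires. `rules` is a list of (number, action, arg)."""
    ordered = sorted(rules, key=lambda r: r[0])  # ipfw evaluates in number order
    numbers = [n for n, _, _ in ordered]
    idx = numbers.index(skip_number)
    _, action, arg = ordered[idx]
    later = numbers[idx + 1:]
    if action == "skipto":
        # Absolute: resume at the first later rule numbered >= arg.
        return next((n for n in later if n >= arg), DEFAULT_RULE)
    if action == "skiprel":
        # Proposed: skip the next `arg` rules; overshooting hits the default rule.
        return later[arg] if arg < len(later) else DEFAULT_RULE
    raise ValueError(f"rule {skip_number} is not a skip rule")


def with_rule(rules, rule):
    """Ruleset after an operator adds one rule."""
    return rules + [rule]


def without_rule(rules, number):
    """Ruleset after an operator deletes the rule with this number."""
    return [r for r in rules if r[0] != number]


def customer_block(skip_action, skip_arg):
    """One constructed per-customer block: a skip rule that is meant to jump
    over two deny rules and resume at the allow rule numbered 500."""
    return [
        (100, skip_action, skip_arg),
        (200, "deny", "tcp from any to any 23"),
        (300, "deny", "tcp from any to me"),
        (500, "allow", "tcp from any to me 1234"),
        (600, "deny", "ip from any to any"),
    ]


ABSOLUTE = customer_block("skipto", 500)
RELATIVE = customer_block("skiprel", 2)
QUICK_FIX = (250, "deny", "tcp from any to me 6000")  # rule added "in the gap"


def drift_report():
    """Where each skip lands before and after the ruleset is edited."""
    report = {}
    for name, rules in (("skipto", ABSOLUTE), ("skiprel", RELATIVE)):
        report[name] = {
            "original": landing_rule(rules, 100),
            "rule_added_in_gap": landing_rule(with_rule(rules, QUICK_FIX), 100),
            "rule_deleted_in_gap": landing_rule(without_rule(rules, 200), 100),
        }
    return report


if __name__ == "__main__":
    for name, row in drift_report().items():
        print(name, row)
```

[In this model the absolute skipto resumes at rule 500 in all three cases, while the relative skip resumes at a deny rule after the insertion and past the allow rule after the deletion, with no change to the skip rule itself.]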

From owner-freebsd-ipfw Wed Jan 8 16: 0: 8 2003
Date: Wed, 8 Jan 2003 19:00:05 -0500
From: "Scott M. Nolde"
To: Gregory Bond
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Feature Request
Message-ID: <20030109000005.GB15778@smnolde.com>
References: <200301082231.JAA17004@lightning.itga.com.au>
In-Reply-To: <200301082231.JAA17004@lightning.itga.com.au>

Gregory Bond(gnb@itga.com.au)@2003.01.09 09:31:43 +0000:
> > Has there been consideration to make a "relative skip" function
> >
> > Any comments?
>
> Horrible idea. Rules can be added and deleted in the gap, which silently
> changes the meaning of your firewall ruleset. A maintenance nightmare.
>
> And, as far as I can see, no redeeming features to compensate for the almost
> certain foot-shooting this would allow.

I don't see it that way.
I work in process automation and in our modular programming language we have this capability to skip a number of "blocks" or "jump out" of the program.

I understand that rules can be added and removed, but in most cases, once the ruleset is "stable" nothing much changes. Having a relative skip would help me since I have written a number of ipfw-based firewall scripts which could benefit from a relative skip.

As you perceive it to become a maintenance nightmare, I see it as a potential benefit.

--
Scott Nolde
GPG Key 0xD869AB48

From owner-freebsd-ipfw Wed Jan 8 18:21:59 2003
From: "Bruno Afonso"
Organization: Artists, Inc.
To: freebsd-ipfw@FreeBSD.ORG
Date: Thu, 09 Jan 2003 02:21:10 -0000
Subject: Re: Feature Request
Reply-To: hununu@netcabo.pt
Message-ID: <3E1CDC96.24785.27A7458@localhost>
In-reply-to: <20030109000005.GB15778@smnolde.com>
References: <200301082231.JAA17004@lightning.itga.com.au>

On 8 Jan 2003 at 19:00, Scott M. Nolde wrote:

> I understand that rules can be added and removed, but in most cases, once
> the ruleset is "stable" nothing much changes. Having a relative skip
> would help me since I have written a number of ipfw-based firewall scripts
> which could benefit from a relative skip.

If you happen to need to make some quick changes, you will not see it that way. You will have to re-read the entire ruleset, calculate the skips, etc. imho, this feature would be used by 1% of users.

I honestly can't think of any big advantages in the long run at all.

Bruno Miguel Afonso, Biological Eng. student.
brunomiguel at dequim dot ist dot utl dot pt
D.E.Q. @ I.S.T.
- Portugal

From owner-freebsd-ipfw Thu Jan 9 6:41: 2 2003
Date: Thu, 9 Jan 2003 08:30:24 -0600 (CST)
From: Shawn Barnhart
To: freebsd-ipfw@freebsd.org
Subject: Re: Feature Request
In-Reply-To: <3E1CDC96.24785.27A7458@localhost>

On Thu, 9 Jan 2003, Bruno Afonso wrote:

> On 8 Jan 2003 at 19:00, Scott M. Nolde wrote:
>
> > I understand that rules can be added and removed, but in most cases, once
> > the ruleset is "stable" nothing much changes. Having a relative skip
> > would help me since I have written a number of ipfw-based firewall scripts
> > which could benefit from a relative skip.
>
> If you happen to need to make some quick changes, you will not see it that way. You will
> have to re-read the entire ruleset, calculate the skips, etc. imho, this feature would be used
> by 1% of users.
>
> I honestly can't think of any big advantages in the long run at all.

I'd wager the original poster wants to jump to a specific rule and not just arbitrarily +5 or something.

Would a better idea be having the ability to assign a label to a specific rule? That way you could jump to the label and not just N rules. This way you could change the ruleset and not fubar the skips.

--
swb@grasslake.net
Hard work often pays off after time, but laziness always pays off now.

From owner-freebsd-ipfw Thu Jan 9 8:32:42 2003
Date: Thu, 9 Jan 2003 11:32:31 -0500
From: "Scott M. Nolde"
To: Shawn Barnhart
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Feature Request
Message-ID: <20030109163231.GD15778@smnolde.com>
References: <3E1CDC96.24785.27A7458@localhost>

Shawn Barnhart(swb@accord.grasslake.net)@2003.01.09 08:30:24 +0000:
> On Thu, 9 Jan 2003, Bruno Afonso wrote:
>
> > On 8 Jan 2003 at 19:00, Scott M. Nolde wrote:
> >
> > > I understand that rules can be added and removed, but in most cases, once
> > > the ruleset is "stable" nothing much changes. Having a relative skip
> > > would help me since I have written a number of ipfw-based firewall scripts
> > > which could benefit from a relative skip.
> >
> > If you happen to need to make some quick changes, you will not see it that way. You will
> > have to re-read the entire ruleset, calculate the skips, etc. imho, this feature would be used
> > by 1% of users.
> >
> > I honestly can't think of any big advantages in the long run at all.
>
> I'd wager the original poster wants to jump to a specific rule and not just
> arbitrarily +5 or something.
>
> Would a better idea be having the ability to assign a label to a specific
> rule? That way you could jump to the label and not just N rules. This way
> you could change the ruleset and not fubar the skips.

No, I'd like to skip n rules. Skipping to a label could be useful, but the label is absolute like the skipto.

In a router script where I have R routes, but each customer has their own set of N rules for packet matching, I could have the script skip N rules for each customer.
Having the scripting functionality pre-configured will require much less time for rule maintenance without having to explicitly define a range of rules for each route or calculating a forward predictor for an absolute jump. I could edit the rule script, run the script and the relative jumps would be where I want them.

For a router with many rules, having a relative skip would relieve the sysadmin from segregating a range of rule numbers for a particular packet function for a route.

--
Scott Nolde
GPG Key 0xD869AB48

From owner-freebsd-ipfw Thu Jan 9 15:58:38 2003
Message-Id: <200301092358.KAA18762@lightning.itga.com.au>
From: Gregory Bond
To: "Scott M. Nolde"
Cc: Shawn Barnhart, freebsd-ipfw@FreeBSD.ORG
Subject: Re: Feature Request
In-reply-to: Your message of Thu, 09 Jan 2003 11:32:31 -0500.
Date: Fri, 10 Jan 2003 10:58:18 +1100

> In a router script where I have R routes, but each customer has their
> own set of N rules for packet matching, I could have the script skip N
> rules for each customer.

For this kind of boilerplate rules, the most sensible solution is to use some sort of semi-automated method of generating the rulesets, using m4 or cpp or perl or shell functions or whatever you are comfortable with. This can just as easily handle absolute skipto as relative skipto, and doesn't open up the other problems that a relative skipto can cause.

From owner-freebsd-ipfw Thu Jan 9 15:58:55 2003
Message-Id: <200301092358.KAA18824@lightning.itga.com.au>
From: Gregory Bond
To: Shawn Barnhart
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Feature Request
In-reply-to: Your message of Thu, 09 Jan 2003 08:30:24 -0600.
Date: Fri, 10 Jan 2003 10:58:52 +1100

> Would a better idea be having the ability to assign a label to a specific
> rule?

You already can. It's called a rule number.

From owner-freebsd-ipfw Fri Jan 10 23:13: 6 2003
Date: Sat, 11 Jan 2003 09:12:56 +0200
From: Alexander Yeremenko
To: freebsd-ipfw@freebsd.org
Subject: sendmail Q
Message-ID: <20030111091256.A51012@sita.kiev.ua>
Reply-To: ay@sita.kiev.ua

The aim is :
Box must support all local mail, all outgoing mail, and refuse any incoming mail via uplink. Corresponding rules are :
X pass all from me to any
XX pass tcp from any to me established
XXX unreach tcp from any to me 25 via uplink
result :
telnet smth_faraway 25
Permission denied
What goes wrong ?
--
AY7-UANIC || AY15-RIPE

From owner-freebsd-ipfw Sat Jan 11 2: 8:27 2003
Message-ID: <000d01c2b950$f05c2c90$13e309d9@deckland>
From: "Radoslav Vasilev"
References: <20030111091256.A51012@sita.kiev.ua>
Subject: Re: sendmail Q
Date: Sat, 11 Jan 2003 12:07:40 +0300

As far as I get it, you're trying to deny incoming mail via upstream ISP. Why don't you just try to deny this very traffic, nothing more complicated?!

Let's say your outer interface is _out_iface_ :

deny tcp from any to me in recv _out_iface_
[...other rules here...]

----- Original Message -----
From: "Alexander Yeremenko"
Sent: Saturday, January 11, 2003 10:12 AM
Subject: sendmail Q

> The aim is :
> Box must support all local mail, all outgoing mail, and refuse any
> incoming mail via uplink.
> Corresponding rules are :
> X pass all from me to any
> XX pass tcp from any to me established
> XXX unreach tcp from any to me 25 via uplink
> result :
> telnet smth_faraway 25
> Permission denied
> What goes wrong ?
>
> --
> AY7-UANIC || AY15-RIPE