Date:      Sun, 6 Apr 2003 17:48:17 -0700
From:      Sereciya Kurdistani <sereciya@kurdistan.ath.cx>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: Quick IPFW Question Concerning Sendmail
Message-ID:  <20030407004817.GB27284@kurdistan.ath.cx>
In-Reply-To: <1y0fl5v2.fsf@ID-23066.news.dfncis.de>
References:  <20030403182847.GC23675@kurdistan.ath.cx> <20030403135048.D92663-100000@diana.northnetworks.ca> <20030405174853.GA94738@kurdistan.ath.cx> <wui77g76.fsf@ID-23066.news.dfncis.de> <20030406162735.GA2797@kurdistan.ath.cx> <1y0fl5v2.fsf@ID-23066.news.dfncis.de>

Clemens,

  Thank you for replying ;)

> i'm not familiar with ipfw2 and just can't get these rules into my
> head.  to me this looks like they do nothing:  no blocking or
> passing, this depends on what follows.

  The skipto's are part of the rules, using them I can add more
  constraints to the following rules.
 
> i have this in old ipfw (edited for a single workstation):

  Thank you for posting your sample ipfw script.

  ...snip... 

>   # incoming packets _must_ have our destination IP!
>   add deny $Llog all from any to not ${oip} $Recv

  ...snip... 

> 
> >   Incoming SMTP is handled with a rule like:
> >
> >   ipfw add NNNN pipe N log tcp from any to any smtp,smtps in via ${oif}
> 
> where is the pipe handled?

  from the skipto several lines up ;)

> 
> >> i imagine your rules allowing _you_ to query others for AUTH data,
> >> but you don't allow others this privilege.

  Yes, it's called paranoia ;)

> >
> >   That's correct.  Am I breaking a netiquette rule that I may not be
> >   familiar with?
> 
> that's entirely up to you, but paranoid users may deny doing business
> with you if you allow your setup to take security measures you deny
> them.

  I suppose that's a risk I'll have to take ;)  I hope I don't upset
  too many script-kiddies for not leaving more of my ports open.
 
> > | Welat xwe ava nake, dest bidin hevdu, pist nedin tu dijmin...
> 
> with a big signature like this, it's certainly netiquette to also
> provide an english translation.  

  The translation would make it at least twice as long!
  I can see the headlines now... "spammer sends mail with signature longer
  than the actual message contents" ;)

> i asked you in private email for
> this, but you didn't reply.  

  I will be more than happy to provide you with a translation.  Just
  the joy of having one person wonder what in the heck I've written
  in my signature is reason enough to provide it.

  | Welat xwe ava nake, dest bidin hevdu, pist nedin tu dijmin  |
  |   Riya azadiy ne hsan e, hviya xwe bernedin, dema me      |
  |     nzk e.                                                 |
  |                                                              |
  | Hevalt bi kesn du r nekin, hevalt bi hevdu ra bikin      |
  |   Ne ji hevaltiya wan kesn pxwas  r dirj, ne bi wan     |
  |     kesn xwnperest, ne j ji yn din.                      |

  It says...

  "A country does not form by itself, help each other out, not your enemies
   The path to freedom is not an easy one, do not lose hope, our time
   is nearing

   Do not take advice from the backward and uneducated, do not make friends
   with those who have no compassion, morality or respect for human life"

> if you want to tell your fellow
> countrymen something, there are more appropriate channels.  lists like
> this one keep politics and tech stuff apart.

  Relax... just because it's in a foreign language, it doesn't necessarily
  mean that there's anything offensive there.

--Srciya Kurdistan


