Date: Sun, 6 Apr 2003 17:48:17 -0700
From: Sereciya Kurdistani
To: freebsd-ipfw@freebsd.org
Message-ID: <20030407004817.GB27284@kurdistan.ath.cx>
In-Reply-To: <1y0fl5v2.fsf@ID-23066.news.dfncis.de>
Subject: Re: Quick IPFW Question Concerning Sendmail

Clemens,

Thank you for replying ;)

> i'm not familiar with ipfw2 and just can't get these rules into my
> head. to me this looks like they do nothing: no blocking or
> passing, this depends on what follows.

The skipto's are part of the rules, using them I can add more constraints to the following rules.

> i have this in old ipfw (edited for a single workstation):

Thank you for posting your sample ipfw script.

...snip...
> # incoming packets _must_ have our destination IP!
> add deny $Llog all from any to not ${oip} $Recv
...snip...

>
> > Incoming SMTP is handled with a rule like:
> >
> > ipfw add NNNN pipe N log tcp from any to any smtp,smtps in via ${oif}
>
> where is the pipe handled?

from the skipto several lines up ;)

>
> >> i imagine your rules allowing _you_ to query others for AUTH data,
> >> but you don't allow others this privilege.

Yes, it's called paranoia ;)

> >
> > That's correct. Am I breaking a netiquette rule that I may not be
> > familiar with?
>
> that's entirely up to you, but paranoid users may deny doing business
> with you if you allow your setup to take security measures you deny
> them.

I suppose that's a risk I'll have to take ;) I hope I don't upset too many script-kiddies for not leaving more of my ports open.

> > | Welat xwe ava nake, dest bidin hevdu, pist nedin tu dijminî...
>
> with a big signature like this, it's certainly netiquette to also
> provide an english translation.

The translation would make it at least twice as long! I can see the headlines now... "spammer sends mail with signature longer than the actual message contents" ;)

> i asked you in private email for
> this, but you didn't reply.

I will be more than happy to provide you with a translation. Just the joy of having one person wonder what in the heck I've written in my signature is reason enough to provide it.

| Welat xwe ava nake, dest bidin hevdu, pist nedin tu dijminî |
| Riya azadiyê ne hêsan e, hêviya xwe bernedin, dema me       |
| nêzîk e.                                                    |
|                                                             |
| Hevaltî bi kesên du rû nekin, hevaltî bi hevdu ra bikin     |
| Ne ji hevaltiya wan kesên pêxwas û rû dirêj, ne bi wan      |
| kesên xwînperest, ne jî ji yên din.                         |

It says...

"A country does not form by itself, help each other out, not your enemies
The path to freedom is not an easy one, do not lose hope, our time is nearing
Do not take advice from the backward and uneducated, do not make friends with those who have no compassion, morality or respect for human life"

> if you want to tell your fellow
> countrymen something, there are more appropriate channels. lists like
> this one keep politics and tech stuff apart.

Relax... just because it's in a foreign language, it doesn't necessarily mean that there's anything offensive there.

--Sêrêciya Kurdistanî