Date:      6 Apr 2003 18:18:05 +0200
From:      "clemens fischer" <>
To:        "Sereciya Kurdistani" <>
Subject:   Re: Quick IPFW Question Concerning Sendmail
Message-ID:  <>
In-Reply-To: <> (Sereciya Kurdistani's message of "Sat, 5 Apr 2003 09:48:53 -0800")
References:  <> <> <>

Sereciya Kurdistani <>:

>   vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
>   ipfw add NNNN check-state
>   ipfw add NNNN allow      { udp or tcp } from any to any dst-port smtp,auth,smtps out via tun0 keep-state
>   ipfw add NNNN allow  log   tcp          from any to any dst-port smtp,smtps      in  via tun0
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   This way, you don't have to allow any ports open for any incoming traffic not matched
>   by the stateful rules, ;)

are you sure this does what you want?  i don't see the customary
anti-spoofing rules and there's a lot to be said for keeping state
especially on _incoming_ connections.  if these are all your rules,
then what about incoming SMTP and AUTH on port 113?

i imagine your rules allowing _you_ to query others for AUTH data,
but you don't allow others this privilege.
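
An added example, not part of the original message or of either poster's ruleset: a small audit of the quoted rules against a revised set that puts anti-spoofing denies first and keeps state on inbound SMTP and AUTH. The rule numbers, the denied source ranges and the choice to allow inbound ident are assumptions; `tun0` and the port names come from the quoted rules.

```shell
#!/bin/sh
# Added example; rule numbers are constructed, tun0 comes from the quoted rules.

# The three quoted rules, with NNNN replaced by constructed numbers.
quoted_rules() {
cat <<'EOF'
add 1000 check-state
add 1100 allow { udp or tcp } from any to any dst-port smtp,auth,smtps out via tun0 keep-state
add 1200 allow log tcp from any to any dst-port smtp,smtps in via tun0
EOF
}

# Assumed revision: deny spoofed private/loopback sources arriving on tun0,
# then keep state on inbound SMTP and ident (auth, 113/tcp) connections.
revised_rules() {
cat <<'EOF'
add 900 deny ip from 10.0.0.0/8 to any in via tun0
add 910 deny ip from 172.16.0.0/12 to any in via tun0
add 920 deny ip from 192.168.0.0/16 to any in via tun0
add 930 deny ip from 127.0.0.0/8 to any in via tun0
add 1000 check-state
add 1100 allow { udp or tcp } from any to any dst-port smtp,auth,smtps out via tun0 keep-state
add 1200 allow log tcp from any to me dst-port smtp,auth,smtps in via tun0 setup keep-state
EOF
}

# Print every "allow ... in via ..." rule on stdin that does not keep state.
stateless_inbound() {
    grep -E '^add [0-9]+ allow .* in +via ' | grep -v 'keep-state' || true
}

# Exit 0 only if an inbound deny rule appears before the first allow rule.
has_early_deny() {
    awk '$3 == "deny" && / in via / { ok = 1 }
         $3 == "allow" { exit }
         END { exit !ok }'
}

# Report both checks for each rule set.
for rs in quoted_rules revised_rules; do
    echo "== $rs"
    $rs | stateless_inbound | sed 's/^/stateless inbound allow: /'
    $rs | has_early_deny || echo "no inbound deny before the first allow"
done
```

The lines printed by `revised_rules` are in the form `ipfw` reads from a rule file given by absolute pathname; `ipfw -n` checks their syntax without loading them.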

