Date: Sun, 6 Apr 2003 17:48:17 -0700 From: Sereciya Kurdistani <sereciya@kurdistan.ath.cx> To: freebsd-ipfw@freebsd.org Subject: Re: Quick IPFW Question Concerning Sendmail Message-ID: <20030407004817.GB27284@kurdistan.ath.cx> In-Reply-To: <1y0fl5v2.fsf@ID-23066.news.dfncis.de> References: <20030403182847.GC23675@kurdistan.ath.cx> <20030403135048.D92663-100000@diana.northnetworks.ca> <20030405174853.GA94738@kurdistan.ath.cx> <wui77g76.fsf@ID-23066.news.dfncis.de> <20030406162735.GA2797@kurdistan.ath.cx> <1y0fl5v2.fsf@ID-23066.news.dfncis.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Clemens,
Thank you for replying ;)
> i'm not familiar with ipfw2 and just can't get these rules into my
> head. to me this looks like they do nothing: no blocking or
> passing, this depends on what follows.
The skipto's are part of the rules, using them I can add more
constraints to the following rules.
> i have this in old ipfw (edited for a single workstation):
Thank you for posting your sample ipfw script.
...snip...
> # incoming packets _must_ have our destination IP!
> add deny $Llog all from any to not ${oip} $Recv
...snip...
>
> > Incoming SMTP is handled with a rule like:
> >
> > ipfw add NNNN pipe N log tcp from any to any smtp,smtps in via ${oif}
>
> where is the pipe handled?
fromt the skipto several lines up ;)
>
> >> i imagine your rules allowing _you_ to query others for AUTH data,
> >> but you don't allow others this privilege.
Yes, it's called paranoia ;)
> >
> > That's correct. Am I breaking a netiquette rule that I may not be
> > familiar with?
>
> that's entirely up to you, but paranoid users may deny doing business
> with you if you allow your setup to take security measures you deny
> them.
I suppose that's a risk I'll have to take ;) I hope I don't upset
too many script-kiddies for not leaving more of my ports open.
> > | Welat xwe ava nake, dest bidin hevdu, pist nedin tu dijminî...
>
> with a big signature like this, it's certainly netiquette to also
> provide an english translation.
The translation would make it at least twice as long!
I can see the headlines now... "spammer sends mail with signature longer
than the actual message contents" ;)
> i asked you in private email for
> this, but you didn't reply.
I will be more than happy to provide you with a translation. Just
the joy of having one person wonder what in the heck i've written
in my signature is reason enough to provide it.
| Welat xwe ava nake, dest bidin hevdu, pist nedin tu dijminî |
| Riya azadiyê ne hêsan e, hêviya xwe bernedin, dema me |
| nêzîk e. |
| |
| Hevaltî bi kesên du rû nekin, hevaltî bi hevdu ra bikin |
| Ne ji hevaltiya wan kesên pêxwas û rû dirêj, ne bi wan |
| kesên xwînperest, ne jî ji yên din. |
It says...
"A country does not form by itself, help each other out, not your enemies
The path to freedom is not an easy one, do not lose hope, our time
is nearing
Do not take advice from the backward and uneducated, do not make friends
with those who have no compassion, morality or respect for human life"
> if you want to tell your fellow
> countrymen something, there are more appropriate channels. lists like
> this one keep politics and tech stuff apart.
Relax... just because it's in a foreign language, it doesn't necessarily
mean that there's anything offensive there.
--Sêrêciya Kurdistanî
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030407004817.GB27284>