From owner-freebsd-pf@FreeBSD.ORG Fri Apr 27 18:47:23 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EEF2C16A412 for ; Fri, 27 Apr 2007 18:47:23 +0000 (UTC) (envelope-from schneecrash@gmail.com) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.189]) by mx1.freebsd.org (Postfix) with ESMTP id 7AC6F13C468 for ; Fri, 27 Apr 2007 18:47:23 +0000 (UTC) (envelope-from schneecrash@gmail.com) Received: by mu-out-0910.google.com with SMTP id g7so1067827muf for ; Fri, 27 Apr 2007 11:47:22 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:reply-to:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=jEsNAvhzEGQkbSVY9d7m58d8hc0iAcJsRH4ZN5SsNIRMoGOjhgbrZgyTYbPWzgsQcsoYqyZVgvwxeN2TJOa7zKKCIewHtWDFcuf9hbBykHRUt/SibPkJ0IqvLxgyCqeNVdJq2+tYH5Js192PjhGucm1tcLQ0E5gUadPKyEe+Sno= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:reply-to:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=PlbjjcHogfZmvPVG0hzLbQecCn7N45L8MjeJ+y+i8C6PugfOK7xTL9wKLjWE4dTAraORJU81d5kvX/t0uMfrpsyNSzb3Mk/Mnt+wGLOx3C3njk5NYdk5wAQUad4wzsWLZ2lXEN2bM9aS0UrVCFQeo2bv1GdsVTNaFMTMctYErMc= Received: by 10.82.185.12 with SMTP id i12mr6314036buf.1177699641790; Fri, 27 Apr 2007 11:47:21 -0700 (PDT) Received: by 10.82.162.19 with HTTP; Fri, 27 Apr 2007 11:47:21 -0700 (PDT) Message-ID: <70f41ba20704271147r566a99d3od45bd04fac484373@mail.gmail.com> Date: Fri, 27 Apr 2007 11:47:21 -0700 From: snowcrash Sender: schneecrash@gmail.com To: "Jon Simola" In-Reply-To: <70f41ba20704271143i962a7d3r821ddd34a4409f53@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <70f41ba20704271105m11fa5315kc7c3d715f2d63f61@mail.gmail.com> <8eea04080704271127g70d910bfg82ec652a0c6889bf@mail.gmail.com> <70f41ba20704271143i962a7d3r821ddd34a4409f53@mail.gmail.com> X-Google-Sender-Auth: b3203f10703392af Cc: freebsd-pf@freebsd.org Subject: Re: why are pf-blocked ips 'leaking' thru to spamd? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-pf@freebsd.org List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Apr 2007 18:47:24 -0000 i suppose alternative would be to, --- set require-order yes +++ set require-order no and put some block quick BEFORE those rdr's ... to prevent those addresses in from ever seeing the redirection in the first place (which is probably better anyway). BUT, i've heard tell that disabling require-order can have its own set of 'surprises' ...