From owner-freebsd-questions@FreeBSD.ORG  Wed Oct  1 11:18:19 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EC07416A4B3
	for <questions@freebsd.org>; Wed,  1 Oct 2003 11:18:19 -0700 (PDT)
Received: from mygirlfriday.info (adsl-65-64-145-209.dsl.stlsmo.swbell.net
	[65.64.145.209])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 03DAC43FAF
	for <questions@freebsd.org>; Wed,  1 Oct 2003 11:18:19 -0700 (PDT)
	(envelope-from gv-mailed@mygirlfriday.info)
Received: (qmail 20877 invoked from network); 1 Oct 2003 18:17:47 -0000
Received: from user204.net795.mo.sprint-hsd.net (HELO mygirlfriday.info)
	(65.41.216.204)
	by mongo.mygirlfriday.info with DES-CBC3-SHA encrypted SMTP;
	1 Oct 2003 18:17:47 -0000
Received: (qmail 21833 invoked by uid 500); 1 Oct 2003 18:18:17 -0000
Message-ID: <20031001181817.21832.qmail@letric.mygirlfriday.info>
Date: Wed, 1 Oct 2003 13:18:17 -0500
From: Gary <gv-list-freebsdquestions@mygirlfriday.info>
To: FreeBSD <questions@freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Organization: Hardly
Subject: Firewall problem
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2003 18:18:20 -0000

I have set my firewall to

firewall_type="open"
firewall_enable="YES"

and when I want to drop a specific IP, I enter it manually, it accepts it,
but it does not drop the packets.. 

I am getting a lot of virus activity on my SMTP port 25. So I wanted to
drop a few IP ranges/addresses..

00100  62054   5483792 allow ip from any to any via lo0
00200      0         0 deny ip from any to 127.0.0.0/8
00300      0         0 deny ip from 127.0.0.0/8 to any
65000 873327 293931424 allow ip from any to any
65100      0         0 deny tcp from 24.92.226.153 to any
65110      0         0 deny ip from 213.191.102.86 to any           
65535      0         0 deny ip from any to any

Yet, checking later in my SMTP logs, I am still getting pounded by the
listed addresses. Can anyone explain why this isn't working?

Thanks,

-- 
Gary