From owner-freebsd-questions@FreeBSD.ORG Wed Oct 1 12:05:38 2003
From: Micheas Herman
To: Gary
cc: FreeBSD
Subject: Re: Firewall problem
Date: Wed, 01 Oct 2003 12:05:29 -0700
Message-Id: <1065035128.7095.1.camel@tux>
In-Reply-To: <20031001181817.21832.qmail@letric.mygirlfriday.info>
References: <20031001181817.21832.qmail@letric.mygirlfriday.info>
List-Id: User questions

On Wed, 2003-10-01 at 11:18, Gary wrote:
> I have set my firewall to
>
> firewall_type="open"
> firewall_enable="YES"
>
> and when I want to drop a specific IP, I enter it manually, it accepts it,
> but it does not drop the packets..
>
> I am getting a lot of virus activity on my SMTP port 25. So I wanted to
> drop a few IP ranges/addresses..
>
> 00100 62054 5483792 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 65000 873327 293931424 allow ip from any to any

No rule with a number greater than 65000 will have any effect. The packet
has already passed.

> 65100 0 0 deny tcp from 24.92.226.153 to any
> 65110 0 0 deny ip from 213.191.102.86 to any
> 65535 0 0 deny ip from any to any

Try renumbering the rules in the 64K range.

>
> Yet, checking later in my SMTP logs, I am still getting pounded by the
> listed addresses. Can anyone explain why this isn't working?
>
> Thanks,

-- 
Micheas Herman
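The first-match behaviour Micheas points out, as an added example that is not code from the thread: a small Python model of ipfw's ordered evaluation, run over a copy of Gary's `ipfw show` output, shows that the deny rules numbered above the catch-all 65000 allow are never reached, and that moving them below it (64100 and 64110 are assumed replacement numbers) makes them fire. The packet addresses 192.0.2.10 and 198.51.100.7 and the interface name fxp0 are constructed.

```python
import ipaddress
from collections import namedtuple

# Constructed copy of the `ipfw show` output quoted in the thread: number pkts bytes rule-body
ORIGINAL = """\
00100 62054 5483792 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 873327 293931424 allow ip from any to any
65100 0 0 deny tcp from 24.92.226.153 to any
65110 0 0 deny ip from 213.191.102.86 to any
65535 0 0 deny ip from any to any"""

Rule = namedtuple("Rule", "number action proto src dst via")

def _net(tok):  # "any" matches everything; a bare host address becomes a /32
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)

def parse_show(text):
    """Parse `ipfw show` lines into Rule tuples; the packet/byte counters are skipped."""
    rules = []
    for line in text.splitlines():
        t = line.split()  # number pkts bytes action proto from src to dst [via iface]
        via = t[10] if len(t) > 10 and t[9] == "via" else None
        rules.append(Rule(int(t[0]), t[3], t[4], _net(t[6]), _net(t[8]), via))
    return rules

def _matches(r, proto, src, dst, iface):
    return (r.proto in ("ip", proto)
            and (r.src is None or ipaddress.ip_address(src) in r.src)
            and (r.dst is None or ipaddress.ip_address(dst) in r.dst)
            and (r.via is None or r.via == iface))

def evaluate(rules, proto, src, dst, iface="fxp0"):
    """ipfw first-match semantics: walk rules by ascending number; the first match decides."""
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r, proto, src, dst, iface):
            return r.action, r.number
    return "deny", 65535  # the default rule always terminates the search

def renumber(rules, mapping):
    """Move rules to new numbers, e.g. {65100: 64100} as the reply suggests."""
    return [r._replace(number=mapping.get(r.number, r.number)) for r in rules]

PKT = ("tcp", "24.92.226.153", "192.0.2.10")  # constructed SMTP connection from a listed host
ORIGINAL_RULES = parse_show(ORIGINAL)
FIXED_RULES = renumber(ORIGINAL_RULES, {65100: 64100, 65110: 64110})

if __name__ == "__main__":
    print(evaluate(ORIGINAL_RULES, *PKT))  # ('allow', 65000): the deny at 65100 is never reached
    print(evaluate(FIXED_RULES, *PKT))     # ('deny', 64100): renumbered below 65000, it now fires
```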