From owner-freebsd-hackers@FreeBSD.ORG  Thu May 14 11:44:00 2009
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ED8A51065670
	for <freebsd-hackers@freebsd.org>; Thu, 14 May 2009 11:44:00 +0000 (UTC)
	(envelope-from o.petrachev@sprinthost.ru)
Received: from odin.from.sh (odin.from.sh [80.93.50.112])
	by mx1.freebsd.org (Postfix) with ESMTP id AA03C8FC15
	for <freebsd-hackers@freebsd.org>; Thu, 14 May 2009 11:44:00 +0000 (UTC)
	(envelope-from o.petrachev@sprinthost.ru)
Received: from [89.223.116.161] (helo=[10.10.10.126])
	by odin.from.sh with esmtpa (Exim 4.69 (FreeBSD))
	(envelope-from <o.petrachev@sprinthost.ru>) id 1M4ZBv-000PMB-Ee
	for freebsd-hackers@freebsd.org; Thu, 14 May 2009 15:33:35 +0400
Message-ID: <4A0C0187.1030107@sprinthost.ru>
Date: Thu, 14 May 2009 15:33:27 +0400
From: =?UTF-8?B?0J7Qu9C10LMg0J/QtdGC0YDQsNGH0ZHQsg==?=
	<o.petrachev@sprinthost.ru>
User-Agent: Thunderbird 2.0.0.21 (X11/20090318)
MIME-Version: 1.0
To: freebsd-hackers@freebsd.org
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Thu, 14 May 2009 11:49:39 +0000
Subject: ipfw uid rules for lo0 interface
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2009 11:44:01 -0000

Hello!

I am using FreeBSD 7.2-RELEASE.

I am trying to restrict connections to local smtp daemon to limited 
number of users. But when I create rules for ipfw with uid pattern, I 
don't get the desired result: all connections on 25 port are blocked and 
it is impossible to allow it for anyone.

I am using the following rules (let's say only root is allowed send 
messages):

# ipfw flush
# ipfw add 100 allow ip from any to me 25 uid root
# ipfw add 200 deny ip from any to me 25

# telnet localhost 25
Trying 127.0.0.1...

And nothing is happening - the connection is neither allowed nor denied, 
it just hangs.

What am I doing wrong? Thanks in advance!