Date: Fri, 7 Nov 1997 09:18:59 -0700 (MST)
From: Nate Williams <nate@mt.sri.com>
To: "Jonathan A. Zdziarski" <jonz@netrail.net>
Cc: freebsd-isp@freebsd.org
Subject: Re: Banning IPs from Sendmail
Message-ID: <199711071618.JAA28143@rocky.mt.sri.com>
In-Reply-To: <Pine.BSF.3.95q.971107113544.21576A-100000@netrail.net>
References: <Pine.BSF.3.95q.971107113544.21576A-100000@netrail.net>

> What's the easiest way to deny local smtp delivery to specific IP
> addresses?

IPFW.

netif == outside network connection
myeip == my external IP addresses (necessary since packets are generated
         with it as my IP address)
myiip == my 'internal' IP address, which is the one given to the world.

The following rules limit email to my 'gateway' box, and only that box.
You can modify it to accept email from other machines, or whatever.

############
# allow incoming SMTP only on NS, so we only have to keep its stuff
# current.  There's no other reason for people to look internally, since
# they are handled w/MX records.
ipfw add 900 pass tcp from any to ${myeip} 25 via ${netif} in
ipfw add 901 pass tcp from any to ${myiip} 25,53,110,113 via ${netif} in

# Don't log (somewhat valid) attempts to connect to internal SMTP hosts
# (sendmail uses AUTH, so don't log attempts there either.)
ipfw add 910 deny tcp from any to any 25 via ${netif} in

Nate
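
Added example, not part of the original message: the rules above restrict SMTP to the gateway, and this sketch prints per-address deny rules in the same ipfw style for the "specific IP addresses" the question asks about. The interface name ed0, the rule numbers starting at 800 (chosen so the bans match before rule 900) and the sample addresses are assumptions; entries are validated so malformed input never reaches an ipfw command line.

```sh
#!/bin/sh
# Added example, not from the original message: print per-address SMTP bans.
netif="ed0"   # assumption: name of the outside interface
base=800      # assumption: below 900, so bans match before the pass rules

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 mask.
valid_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%%/*}
    case $1 in
        */*) mask=${1#*/}
             case $mask in ''|???*|*[!0-9]*) return 1 ;; esac
             [ "$mask" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*.) return 1 ;; esac   # a trailing dot would be dropped by the split
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints one deny rule per valid address; invalid entries are reported on stderr.
ban_rules() {
    n=$base
    for ip in "$@"; do
        if ! valid_ipv4 "$ip"; then
            echo "skipped invalid entry: $ip" >&2
            continue
        fi
        if [ "$n" -ge 900 ]; then
            echo "out of rule numbers below 900" >&2
            return 1
        fi
        echo "ipfw add $n deny tcp from $ip to any 25 via $netif in"
        n=$((n + 1))
    done
    return 0
}

# Constructed sample list (documentation ranges plus one malformed entry).
ban_rules 192.0.2.10 198.51.100.0/24 10.0.0.300
```

The script only prints the commands; review the output before running it as root on the firewall host.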