From: Stanislav Sedov
Date: Sat, 16 May 2009 13:37:42 +0400
To: Олег Петрачёв
Cc: freebsd-hackers@freebsd.org
Subject: Re: ipfw uid rules for lo0 interface
Message-Id: <20090516133742.0e26a347.stas@FreeBSD.org>
In-Reply-To: <4A0C0187.1030107@sprinthost.ru>

On Thu, 14 May 2009 15:33:27 +0400
Олег Петрачёв mentioned:

> Hello!
>
> I am using FreeBSD 7.2-RELEASE.
>
> I am trying to restrict connections to the local smtp daemon to a limited
> number of users. But when I create rules for ipfw with the uid pattern, I
> don't get the desired result: all connections on port 25 are blocked and
> it is impossible to allow it for anyone.
>
> I am using the following rules (let's say only root is allowed to send
> messages):
>
> # ipfw flush
> # ipfw add 100 allow ip from any to me 25 uid root
> # ipfw add 200 deny ip from any to me 25
>
> # telnet localhost 25
> Trying 127.0.0.1...
>
> And nothing is happening - the connection is neither allowed nor denied,
> it just hangs.
>
> What am I doing wrong? Thanks in advance!
>

That should work. I suspect you don't have anything running on
127.0.0.1:25, otherwise you should have been receiving a "permission
denied" message. You can inspect what's bound on which ports/addresses
by running `sockstat -4`.

-- 
Stanislav Sedov
ST4096-RIPE
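
The `sockstat -4` check suggested in the reply, as an added example that is not part of the original message: it filters sockstat output for TCP listeners that would accept a connection to 127.0.0.1 on a given port. The function names and the sample output are constructed for illustration; the column layout assumed is FreeBSD's.

```shell
#!/bin/sh
# Constructed sample in the column layout printed by FreeBSD sockstat.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   823   4  tcp4   127.0.0.1:25          *:*
root     sshd       790   4  tcp4   *:22                  *:*
www      httpd      912   3  tcp4   192.0.2.10:80         *:*
root     syslogd    640   7  udp4   *:514                 *:*
EOF
}

# loopback_listeners PORT  (hypothetical helper)
# Reads sockstat output on stdin and prints "user command pid local-address"
# for every listening TCP socket bound to 127.0.0.1:PORT or to the wildcard
# *:PORT. Exit status is 1 when nothing would answer on the loopback address.
loopback_listeners() {
    awk -v port="$1" '
        $1 == "USER" { next }        # header line
        $5 !~ /^tcp/ { next }        # SMTP is TCP; ignore udp sockets
        $7 != "*:*"  { next }        # keep listeners, drop connected sockets
        {
            n = split($6, part, ":")
            p = part[n]
            addr = substr($6, 1, length($6) - length(p) - 1)
            if (p == port && (addr == "127.0.0.1" || addr == "*")) {
                print $1, $2, $3, $6
                found = 1
            }
        }
        END { exit !found }
    '
}

# On a live system: sockstat -4 | loopback_listeners 25
sample_sockstat | loopback_listeners 25
```

An empty result with exit status 1 means no daemon is reachable on 127.0.0.1 at that port, which is the condition the reply suspects.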