From owner-freebsd-security@FreeBSD.ORG  Tue May 11 19:26:08 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 376C716A4CE
	for <freebsd-security@freebsd.org>;
	Tue, 11 May 2004 19:26:08 -0700 (PDT)
Received: from gw.visp.com.au (gw.visp.com.au [202.6.158.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5776A43D5E
	for <freebsd-security@freebsd.org>;
	Tue, 11 May 2004 19:26:07 -0700 (PDT)
	(envelope-from tim@spyderweb.com.au)
Received: from bofh.spyderweb.com.au (202-6-150-37.ip.visp.com.au
	[202.6.150.37] (may be forged))
	by gw.visp.com.au (8.12.8p2/8.12.8) with ESMTP id i4C2Q9kH021961
	for <freebsd-security@freebsd.org>;
	Wed, 12 May 2004 11:56:09 +0930 (CST)
	(envelope-from tim@spyderweb.com.au)
Received: from spyderweb.com.au (localhost [127.0.0.1])i4C2Q7ic082712
	for <freebsd-security@freebsd.org>;
	Wed, 12 May 2004 11:56:07 +0930 (CST)
	(envelope-from tim@spyderweb.com.au)
Date: Wed, 12 May 2004 11:56:07 +0930
From: Tim Aslat <tim@spyderweb.com.au>
To: freebsd security list <freebsd-security@freebsd.org>
Message-Id: <20040512115607.23ac80ea@bofh.spyderweb.com.au>
Organization: Spyderweb Consulting
X-Mailer: Sylpheed version 0.9.10claws (GTK+ 1.2.10;
	i386-portbld-freebsd5.2.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: quick FW question
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2004 02:26:08 -0000

I hope this isn't too off topic, but I'd like a quick solution to a
problem.

I have a small network behind a NAT firewall (FreeBSD of course) and I'd
like to block/redirect all traffic from the internal network to the
local mail server (same box as firewall) in order to prevent direct smtp
requests to the outside world (mainly virus/trokan programs).

I think I have it right in this rule, but I would prefer to get a
second, or even a third opinion.

ipfw add fwd 127.0.0.1,25 tcp from any to me dst-port 25

Cheers

Tim

-- 
Tim Aslat <tim@spyderweb.com.au>
Spyderweb Consulting
http://www.spyderweb.com.au
Phone: +61 0401088479