Date: 15 Jun 2002 23:03:37 +0100
From: Stacey Roberts <sroberts@dsl.pipex.com>
To: rahermon@iastate.edu
Cc: FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject: RE: Your earlier maillog post
Message-ID: <1024178619.47848.1.camel@Demon.Strobe.org>
In-Reply-To: <004401c21280$b4240ad0$8404a8c0@TheGetto>
References: <004401c21280$b4240ad0$8404a8c0@TheGetto>
Hi Ramon,

Thanks for the suggestions.

I've got a couple of questions on those rules you included in your last
reply.

I use advanced stateful rules on this machine, and what you've suggested
doesn't appear to be of the same structure as the ones I use here. I've
always understood that it's generally a bad idea to mix rule base types.
Is this your understanding as well?

So then, what I'm asking is if you've any suggestions on re-writing
these so that they fit into a stateful rule structure.

On Thu, 2002-06-13 at 03:19, rahermon@iastate.edu wrote:
> I was looking at the ipfw rules on your post "IPFW error, help?" and I
> did not notice the following which can explain access denied to
> localhost.
>
> # Allow loopbacks, deny imposters
> ${fwcmd} add 100 pass all from any to any via lo0
> ${fwcmd} add 200 deny all from any to 127.0.0.0/8
> # Stop spoofing
> ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
> ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
>
> The above are just after flush on my rules. But my definitions are
> before, I guess what I am trying to say is that just make sure the above
> rules are the first rules.
>
> Regards,
> Ramon
>
> > -----Original Message-----
> > From: owner-freebsd-questions@FreeBSD.ORG
> > [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of S. Roberts
> > Sent: Wednesday, June 12, 2002 1:30 AM
> > To: rahermon@cs.iastate.edu
> > Cc: FreeBSD-Questions
> > Subject: re: Your earlier maillog post
> >
> >
> > Hi,
> > I stumbled across your post in the archives. I'm seeing
> > exactly the same formatted messages in the maillog of a box
> > here as well: Jun 12 07:03:38 <snip> sm-msp-queue[96453]:
> > g5766juA092113: to=root, delay=4+23:56:53, xdelay=00:00:00,
> > mailer=relay, pri=22287174, relay=localhost.<snip>.,
> > dsn=4.0.0, stat=Deferred: Permission denied ~ $
> >
> > I wanted to find out if you had gotten an explanation, or
> > positive response to your query in the end. I tried sending a
> > query to Sendmail.org but couldn't get any joy there either.
> >
> > Do let me know, please
> > Regards,
> > Stacey
> >
> > ok. Maybe if I take it one step at a time. Can anyone tell me
> > what this means.
> >
> > May 31 15:46:04 FW sm-msp-queue[442]: g4R84JFE000560:
> > to=root, ctladdr=root (0/0), delay=4+12:41:45,
> > xdelay=00:00:00, mailer=relay, pri=18390056,
> > relay=localhost.rhbsd.dhs.org., dsn=4.0.0, stat=Deferred:
> > Permission denied
> >
> > Thanks.
> > --
> > Stacey Roberts B.Sc. (HONS) Computer Science
> > Network Systems Engineer
> >
>
>
>
--
Stacey Roberts B.Sc. (HONS) Computer Science
Network Systems Engineer
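
Added example (not part of the original message or of Ramon's ruleset): one way the quoted loopback and anti-spoofing rules can lead a stateful ipfw ruleset, ahead of check-state, which is what the question above asks about. Interface names, networks and rule numbers from 300 up are constructed, and fwcmd defaults to a dry run that only prints the commands.

```sh
#!/bin/sh
# Constructed placeholders: outside (oif) and inside (iif) interfaces/networks.
oif="ed0"; onet="192.0.2.0"; omask="255.255.255.0"
iif="ed1"; inet="10.0.0.0";  imask="255.255.255.0"

# Dry run by default: print each command. Set fwcmd=/sbin/ipfw to load them.
fwcmd="${fwcmd:-echo ipfw}"

emit_rules() {
    ${fwcmd} -f flush
    # Allow loopbacks, deny imposters (static, numbered as in the quoted reply)
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    # Stop spoofing (static, evaluated before any dynamic-rule lookup)
    ${fwcmd} add 300 deny all from ${inet}:${imask} to any in via ${oif}
    ${fwcmd} add 400 deny all from ${onet}:${omask} to any in via ${iif}
    # Stateful part: match existing dynamic rules first ...
    ${fwcmd} add 500 check-state
    # ... trust the inside interface, drop stray established TCP ...
    ${fwcmd} add 600 pass all from any to any via ${iif}
    ${fwcmd} add 700 deny tcp from any to any established
    # ... and create dynamic rules only for sessions leaving via the outside.
    ${fwcmd} add 800 pass tcp from any to any out via ${oif} setup keep-state
    ${fwcmd} add 900 pass udp from any to any out via ${oif} keep-state
    ${fwcmd} add 65000 deny all from any to any
}

# Return 0 only if all four loopback/anti-spoof rules precede check-state.
# Always inspects the dry-run output, so it never touches the live firewall.
check_order() {
    ( fwcmd="echo ipfw"; emit_rules ) | awk '
        / check-state/ { cs = NR }
        / via lo0| to 127\.0\.0\.0\/8| in via / { if (cs) bad = 1; seen++ }
        END { if (bad || !cs || seen < 4) exit 1 }'
}

emit_rules
```
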
