Date: Mon, 18 Apr 2005 12:25:28 +0200
From: Steven Bjørken Vang
To: questions@freebsd.org
Message-ID: <20050418102528.GA37148@ra.home.faeldryn.org>
Subject: pf ruleset for imap

Hello. Just installed pf, everything is looking good, except my IMAP is blocked. What do I need to add, and where?

##### FreeBSD [i386]
##### my.hostname.com
##### City, Country
# pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr

int_if="ep0"
ext_if="lnc0"

# *** Options
#
set block-policy drop

# *** Scrub incoming packets
#
scrub in all

# *** NAT
#
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any \
        port 21 -> 127.0.0.1 port 8021

# *** Default deny policy
#
block drop log all

# *** Pass loopback traffic
#
pass quick on lo0 all

# *** Outgoing
#
#
pass out on $ext_if inet proto tcp \
        from any to any flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } \
        from ($ext_if) to any keep state

# *** Bootstrap
#
pass out on $ext_if inet proto udp \
        from any port 68 to any port 67 keep state

# *** DNS and NTP
#
pass out on $ext_if inet proto udp \
        from ($ext_if) to any port { 53, 123 } keep state

# *** SSH and HTTP
#
pass in on $ext_if inet proto tcp \
        from any to ($ext_if) port { 22, 80 } flags S/SA keep state

# *** Active FTP
#
pass in on $ext_if inet proto tcp \
        from port 20 to ($ext_if) user proxy flags S/SA keep state

I guess that's it.

Thanks all,
--
Steven
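
Added example, not part of the original message: one way to admit IMAP under the ruleset above, assuming the IMAP daemon runs on the firewall host itself and clients arrive on $ext_if. Ports 143 (IMAP) and 993 (IMAP over TLS) are the standard assignments; the section name and its placement after the SSH/HTTP rule are choices made here.

```pf
# Added example (assumption: the IMAP daemon listens on this host).
# With "block drop log all" as the default, the only inbound TCP admitted
# on $ext_if is 22, 80 and the FTP proxy data rule, so SYNs to 143/993
# are dropped and logged.
#
# *** IMAP and IMAPS
#
pass in on $ext_if inet proto tcp \
        from any to ($ext_if) port { 143, 993 } flags S/SA keep state

# Port 143 carries credentials in the clear unless the client negotiates
# STARTTLS; if every client can use IMAP over TLS, list only 993.

# If the mail clients sit on the internal network instead, the pass rule
# belongs on $int_if (assumption: clients are in $int_if:network):
#
# pass in on $int_if inet proto tcp \
#         from $int_if:network to ($int_if) port { 143, 993 } \
#         flags S/SA keep state

# Checks before and after loading:
#   pfctl -nf /etc/pf.conf      # parse only, do not load
#   tcpdump -n -e -ttt -i pflog0 port 143 or port 993
#                               # shows which rule drops the packets
#   pfctl -sr                   # confirm the new rule is in the loaded set
```

The tcpdump check relies on the `log` keyword already present in the default block rule and on the pflog0 interface being up.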