Date:      Wed, 04 Jul 2018 15:28:09 +0300
From:      supportsobaka@mail.ru
To:        freebsd-ipfw@freebsd.org
Subject:   ipfw uid/gid debugging, tcpdump relation with ipfw and how to block direct access to port 25
Message-ID:  <1530707289.696086711@f198.i.mail.ru>



Could you please explain whether tcpdump should see a packet dropped on ipfw? Does it look before or after ipfw?
tcpdump -vvv port 25 shows nothing when the port is blocked on ipfw (the security log shows dropped packets).
Also, is there a way to see uid/gid on the packet in the ipfw log?
Alternatively, can tcpdump show uid/gid of the packet (before ipfw)? I don't see uid/gid when I use tcpdump -vvv port 25. Is there a way to understand if the packet doesn't have uid/gid or it is just not shown?
I can't figure out a good rule to protect access to port 25 for other than sendmail (yep, native sendmail). The obvious
${ipfw} add allow tcp from me to any 25 out gid smmsp setup keep-state :emailfromme
doesn't work (email is not sent out, but dropped on the ipfw by the last deny rule). Seems like the packet sent by sendmail doesn't belong to the smmsp group.
I have tried gid operator, gid mail, gid smmsp, gid wheel - won't help.
How to debug?

--
Oleg
