From owner-freebsd-questions@FreeBSD.ORG  Tue Jul 28 14:35:14 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9BC8310656B9
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Jul 2009 14:35:14 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from mail.locolomo.org (97.pool85-48-194.static.orange.es
	[85.48.194.97]) by mx1.freebsd.org (Postfix) with ESMTP id 55D978FC20
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Jul 2009 14:35:14 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from beta.1-16-172-dyn.locolomo.org (beta.1-16-172-dyn.locolomo.org
	[172.16.1.127])
	by mail.locolomo.org (Postfix) with ESMTPSA id 5AC7F1C1A67;
	Tue, 28 Jul 2009 16:35:13 +0200 (CEST)
Message-ID: <4A6F0CA1.4060904@locolomo.org>
Date: Tue, 28 Jul 2009 16:35:13 +0200
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605)
MIME-Version: 1.0
To: Jay Hall <jhall@socket.net>
References: <0E15E941-3CC2-4C9B-BAF2-C8910F7592ED@socket.net>
	<4A6F0C25.7040400@locolomo.org>
In-Reply-To: <4A6F0C25.7040400@locolomo.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Cc: freebsd-questions@freebsd.org
Subject: Re: ipf rules question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2009 14:35:16 -0000

Erik Norgaard wrote:
> Jay Hall wrote:
>> And, following is the output from ipfstat showing the relevant rule(s).
>>
>> @140 block in quick proto tcp from 82.0.0.0/8 to any port = smtp
>>
> Evidently, things get passed by some other rule, you can get a clue by 
> adding the log action to all rules passing packets to port 25 or any port.

And, by the way in ip-filter it is a really good idea to add a default 
rule explicitly, always specify network interface and use groups to 
organize and optimize your ruleset.

BR, Erik
-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org