Date: Tue, 30 Jul 2002 06:25:34 -0700 (PDT)
From: robert Backhaus <robbakfreebsd@yahoo.co.uk>
To: Mark Pearce <mark@netchat.co.za>, freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw weirdness
Message-ID: <20020730132534.52905.qmail@web12902.mail.yahoo.com>
In-Reply-To: <20020730143133.217d5d2d.mark@netchat.co.za>

Your suggested rules didn't make a lot of sense to me.

--- Mark Pearce <mark@netchat.co.za> wrote:
> Hi all
>
> I have the following situation, I have a client
> behind my box running exchange, and they are getting
> spammed to death, I want to disallow all incoming
> traffic to their box, but allow incoming traffic
> from their secondaries only, the secondaries are not
> getting spammed at this moment.
>
> I am running a ipfw / natd combination
>
> My default ruleset is allow all
> I run the command
>
> ipfw add allow 200 tcp from 196.x.x.x to 196.x.x.y
> 25

This would allow communication between 2 machines. It is matching packets from machine 196.x.x.x to machine 196.x.x.y, not packets involving the range. If these are both on the same subnet and don't go through your router, this rule should have no effect - the rule would never trigger.

> and it effectively blocks everything coming from
> anywhere even although I have just allowed it, if I
> remove the rule, it works fine again.
>
> If I run the rule
> ipfw add 200 deny tcp from not 196.x.x.x to
> 196.x.x.y 25

That may kill almost everything - anything coming from any machine that is not 196.x.x.x to 196.x.x.y on port 25. Maybe I've got something wrong, in which case I would LOVE to be corrected.

> it works on the port, but blocks all
> other traffic which is not what I had in mind.
>
> What am I overlooking here.
>
> Help
>
> Mark
>

I think you're after ipfw add 200 deny tcp from any to 196.x.x.y 25. That would block all mail posting to its smtp.
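
An added example, not part of the original thread: a toy Python model of first-match rule evaluation under a default-allow ruleset, comparing the three rule shapes discussed above. The addresses are constructed stand-ins for the masked 196.x.x.x and 196.x.x.y, the rule dictionaries are a hypothetical representation, and the model assumes a single rule list with no natd/divert step.

```python
# Toy first-match packet filter (added example; not ipfw itself).
# Constructed stand-ins: SECONDARY for 196.x.x.x, EXCHANGE for 196.x.x.y.
SECONDARY = "192.0.2.10"
EXCHANGE = "192.0.2.25"
OTHER = "198.51.100.7"  # constructed: any other host on the Internet

def matches(rule, pkt):
    """True if pkt = (src, dst, dport) matches the rule's fields."""
    src, dst, dport = pkt
    # "not_src" inverts the source comparison, like "from not ADDR".
    src_ok = rule["src"] == "any" or (src == rule["src"]) != rule.get("not_src", False)
    dst_ok = rule["dst"] == "any" or dst == rule["dst"]
    port_ok = rule.get("dport") is None or dport == rule["dport"]
    return src_ok and dst_ok and port_ok

def verdict(rules, pkt, default="allow"):
    """Walk rules in ascending number order; the first match decides."""
    for rule in sorted(rules, key=lambda r: r["num"]):
        if matches(rule, pkt):
            return rule["action"]
    return default  # the poster's default ruleset is "allow all"

# Shape of: allow tcp from 196.x.x.x to 196.x.x.y 25
ALLOW_ONLY = [{"num": 200, "action": "allow",
               "src": SECONDARY, "dst": EXCHANGE, "dport": 25}]
# Shape of: deny tcp from not 196.x.x.x to 196.x.x.y 25
DENY_NOT_SECONDARY = [{"num": 200, "action": "deny", "src": SECONDARY,
                       "not_src": True, "dst": EXCHANGE, "dport": 25}]
# Shape of: deny tcp from any to 196.x.x.y 25
DENY_ANY = [{"num": 200, "action": "deny",
             "src": "any", "dst": EXCHANGE, "dport": 25}]

# Constructed sample packets: (source, destination, destination port)
PACKETS = {
    "secondary_smtp": (SECONDARY, EXCHANGE, 25),
    "other_smtp": (OTHER, EXCHANGE, 25),
    "other_http": (OTHER, EXCHANGE, 80),
}

def table(rules):
    """Verdict for every sample packet under the given rule list."""
    return {name: verdict(rules, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in [("allow only", ALLOW_ONLY),
                         ("deny not secondary", DENY_NOT_SECONDARY),
                         ("deny any", DENY_ANY)]:
        print(label, table(rules))
```

In this model an allow rule on its own changes nothing under a default-allow policy, while the two deny shapes differ only in whether SMTP from the secondary still gets through.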