From: robert Backhaus
To: Mark Pearce, freebsd-questions@FreeBSD.ORG
Date: Tue, 30 Jul 2002 06:25:34 -0700 (PDT)
Subject: Re: ipfw weirdness
Message-ID: <20020730132534.52905.qmail@web12902.mail.yahoo.com>
In-Reply-To: <20020730143133.217d5d2d.mark@netchat.co.za>

Your suggested rules didn't make a lot of sense to me.

--- Mark Pearce wrote:
> Hi all
>
> I have the following situation: I have a client
> behind my box running Exchange, and they are getting
> spammed to death. I want to disallow all incoming
> traffic to their box, but allow incoming traffic
> from their secondaries only; the secondaries are not
> getting spammed at this moment.
>
> I am running an ipfw / natd combination.
>
> My default ruleset is allow all.
> I run the command
>
> ipfw add allow 200 tcp from 196.x.x.x to 196.x.x.y 25

This would allow communication between 2 machines. It is matching packets from machine 196.x.x.x to machine 196.x.x.y, not packets involving the range. If these are both on the same subnet and don't go through your router, this rule should have no effect - the rule would never trigger.
> and it effectively blocks everything coming from
> anywhere even though I have just allowed it. If I
> remove the rule, it works fine again.
>
> If I run the rule
> ipfw add 200 deny tcp from not 196.x.x.x to 196.x.x.y 25

That may kill almost everything - anything coming from any machine that is not 196.x.x.x to 196.x.x.y on port 25. Maybe I've got something wrong, in which case I would LOVE to be corrected.

> it works on the port, but blocks all
> other traffic, which is not what I had in mind.
>
> What am I overlooking here?
>
> Help
>
> Mark

I think you're after ipfw add 200 deny tcp from any to 196.x.x.y 25. That would block all mail posting to its SMTP.
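The thread turns on how a first-match ruleset is walked: ipfw evaluates rules in ascending rule-number order and the first matching rule decides the packet, so a policy of "accept SMTP from the secondaries, refuse it from everyone else" is expressed by giving the allow rule a lower number than the deny rule. The simulator below is an added example, not code from the mailing-list post or from ipfw itself; it implements only the small subset of rule syntax the thread uses (action, protocol, `from [not] <addr>`, `to <addr> [port]`) and uses constructed addresses from the RFC 5737 documentation ranges as stand-ins for the 196.x.x.x placeholders. It compares the two rules quoted in the thread with an ordered allow-then-deny pair, and with the same pair in the wrong order to show the allow becoming unreachable.

```python
"""First-match rule walk in the style of an ipfw ruleset.

Added example (not from the original mailing-list post, not ipfw code):
rules are applied in ascending number order and the first match decides,
which is how ipfw processes its ruleset.  All addresses are constructed
stand-ins (RFC 5737 documentation ranges) for the 196.x.x.x placeholders.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A packet is (proto, src_ip, dst_ip, dst_port); constructed test data only.
Packet = Tuple[str, str, str, int]


@dataclass(frozen=True)
class Rule:
    number: int
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source address or "any"
    src_negated: bool      # True for "from not <addr>"
    dst: str               # destination address or "any"
    dport: Optional[int]   # destination port, None for any port


def parse_rule(text: str) -> Rule:
    """Parse '<num> <action> <proto> from [not] <src> to <dst> [port]'."""
    toks = text.split()
    if len(toks) < 7 or toks[3] != "from":
        raise ValueError(f"unsupported rule syntax: {text!r}")
    number, action, proto = int(toks[0]), toks[1], toks[2]
    i = 4
    negated = toks[i] == "not"
    if negated:
        i += 1
    src = toks[i]
    if toks[i + 1] != "to":
        raise ValueError(f"expected 'to' in rule: {text!r}")
    dst = toks[i + 2]
    dport = int(toks[i + 3]) if len(toks) > i + 3 else None
    return Rule(number, action, proto, src, negated, dst, dport)


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule accepts the packet."""
    proto, src, dst, dport = pkt
    if rule.proto != "any" and rule.proto != proto:
        return False
    # "from not X" inverts the source comparison; "any" always matches.
    if rule.src != "any" and (src == rule.src) == rule.src_negated:
        return False
    if rule.dst != "any" and dst != rule.dst:
        return False
    if rule.dport is not None and dport != rule.dport:
        return False
    return True


def verdict(rules: List[Rule], pkt: Packet, default: str = "allow") -> Tuple[str, Optional[int]]:
    """Walk rules in ascending number order; the first match decides."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.action, rule.number
    return default, None   # the thread's "default ruleset is allow all"


SECONDARY = "192.0.2.10"     # constructed stand-in for 196.x.x.x (a secondary MX)
MAILHOST = "198.51.100.25"   # constructed stand-in for 196.x.x.y (the Exchange box)
SPAMMER = "203.0.113.7"      # constructed stand-in for an arbitrary outside host

RULESETS = {
    # The second rule quoted in the thread, with stand-in addresses.
    "deny-not-secondary": [f"200 deny tcp from not {SECONDARY} to {MAILHOST} 25"],
    # The reply's suggestion: refuse every SMTP connection to the host.
    "deny-all-smtp": [f"200 deny tcp from any to {MAILHOST} 25"],
    # Allow the secondary first, then deny the rest; the lower number wins.
    "allow-secondary-then-deny": [
        f"100 allow tcp from {SECONDARY} to {MAILHOST} 25",
        f"200 deny tcp from any to {MAILHOST} 25",
    ],
    # Same two rules in the wrong order: the allow can never be reached.
    "deny-then-allow-unreachable": [
        f"100 deny tcp from any to {MAILHOST} 25",
        f"200 allow tcp from {SECONDARY} to {MAILHOST} 25",
    ],
}

PACKETS = {
    "smtp-from-secondary": ("tcp", SECONDARY, MAILHOST, 25),
    "smtp-from-spammer": ("tcp", SPAMMER, MAILHOST, 25),
    "https-from-spammer": ("tcp", SPAMMER, MAILHOST, 443),
}


def evaluate(ruleset_name: str, packet_name: str) -> str:
    """Return the action ("allow"/"deny") a named ruleset gives a named packet."""
    rules = [parse_rule(r) for r in RULESETS[ruleset_name]]
    action, _ = verdict(rules, PACKETS[packet_name])
    return action


if __name__ == "__main__":
    for rs in RULESETS:
        for pk in PACKETS:
            print(f"{rs:28s} {pk:22s} -> {evaluate(rs, pk)}")
```

Two things to carry back to the real firewall: in ipfw the rule number comes directly after `add` (`ipfw add 100 allow ...`, `ipfw add 200 deny ...`), and with natd in the path a packet traverses the ruleset twice, once before and once after address translation, so which address a rule sees depends on whether it sits before or after the divert rule.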