Date: Sat, 16 May 2009 13:37:42 +0400
From: Stanislav Sedov <stas@FreeBSD.org>
To: Олег Петрачёв <o.petrachev@sprinthost.ru>
Cc: freebsd-hackers@freebsd.org
Subject: Re: ipfw uid rules for lo0 interface
Message-ID: <20090516133742.0e26a347.stas@FreeBSD.org>
In-Reply-To: <4A0C0187.1030107@sprinthost.ru>
References: <4A0C0187.1030107@sprinthost.ru>

On Thu, 14 May 2009 15:33:27 +0400
Олег Петрачёв <o.petrachev@sprinthost.ru> mentioned:

> Hello!
>
> I am using FreeBSD 7.2-RELEASE.
>
> I am trying to restrict connections to local smtp daemon to limited
> number of users. But when I create rules for ipfw with uid pattern, I
> don't get the desired result: all connections on 25 port are blocked and
> it is impossible to allow it for anyone.
>
> I am using the following rules (let's say only root is allowed to send
> messages):
>
> # ipfw flush
> # ipfw add 100 allow ip from any to me 25 uid root
> # ipfw add 200 deny ip from any to me 25
>
> # telnet localhost 25
> Trying 127.0.0.1...
>
> And nothing is happening - the connection is neither allowed nor denied,
> it just hangs.
>
> What am I doing wrong? Thanks in advance!
>

That should work. I suspect you don't have anything running on
127.0.0.1:25, otherwise you should have been receiving a "permission
denied" message. You can inspect what's bound on which
ports/addresses by running `sockstat -4`.

-- 
Stanislav Sedov
ST4096-RIPE
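
The `sockstat -4` check suggested in the reply, as an added example that is not part of the original message: a filter that reports which listening TCP sockets a connection to 127.0.0.1:25 can actually reach. The function name, the assumed column layout and both sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `sockstat -4` output on stdin and
# prints "USER COMMAND PID LOCAL" for each listening TCP socket reachable via
# 127.0.0.1:<port> (bound to 127.x or to the wildcard address).
# Exit status 1 means nothing is listening there.
# Assumed columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
loopback_listeners() {
    awk -v port="$1" '
        $1 == "USER" { next }               # header line
        $5 != "tcp4" { next }               # IPv4 TCP only
        $7 != "*:*"  { next }               # listening sockets have no peer
        {
            n = split($6, part, ":")
            if (part[n] != port) next
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            if (addr == "*" || addr ~ /^127\./) {
                print $1, $2, $3, $6
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: the MTA is bound to a LAN address only.
SAMPLE_LAN_ONLY='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   762   4  tcp4   192.0.2.10:25         *:*
root     sshd       701   4  tcp4   *:22                  *:*'

# Constructed sample: the MTA listens on loopback; one client is connected.
SAMPLE_LOOPBACK='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   762   4  tcp4   127.0.0.1:25          *:*
oleg     telnet     901   3  tcp4   127.0.0.1:51234       127.0.0.1:25'

for sample in "$SAMPLE_LAN_ONLY" "$SAMPLE_LOOPBACK"; do
    printf '%s\n' "$sample" | loopback_listeners 25 ||
        echo "nothing listening on 127.0.0.1:25"
done
```

On a live host the same function takes its input from `sockstat -4 | loopback_listeners 25`.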