Date: Mon, 18 Apr 2005 12:25:28 +0200
From: Steven Bjørken Vang <mujahid@ra.home.faeldryn.org>
To: questions@freebsd.org
Subject: pf ruleset for imap
Message-ID: <20050418102528.GA37148@ra.home.faeldryn.org>

hello.
just installed pf, everything is looking good.
except my imap is blocked. what do i need to add, where?
##### FreeBSD [i386]
##### my.hostname.com
##### City, Country
# pfctl -F a ; pfctl -Nf /etc/pf.conf ; pfctl -sr

int_if="ep0"
ext_if="lnc0"

# *** Options
#
set block-policy drop

# *** Scrub incoming packets
#
scrub in all

# *** NAT
#
nat on $ext_if from $int_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any \
    port 21 -> 127.0.0.1 port 8021

# *** Default deny policy
#
block drop log all

# *** Pass loopback traffic
#
pass quick on lo0 all

# *** Outgoing
#
#
pass out on $ext_if inet proto tcp \
    from any to any flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } \
    from ($ext_if) to any keep state

# *** Bootstrap
#
pass out on $ext_if inet proto udp \
    from any port 68 to any port 67 keep state

# *** DNS and NTP
#
pass out on $ext_if inet proto udp \
    from ($ext_if) to any port { 53, 123 } keep state

# *** SSH and HTTP
#
pass in on $ext_if inet proto tcp \
    from any to ($ext_if) port { 22, 80 } flags S/SA keep state

# *** Active FTP
#
pass in on $ext_if inet proto tcp \
    from port 20 to ($ext_if) user proxy flags S/SA keep state

I guess that's it.
Thanks all,
-- Steven
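
Added example, not part of the original message: a simplified Python model of pf's last-match evaluation run over the filter rules posted above, showing that a new TCP connection to port 143 matches only `block drop log all`. The names `Rule`, `evaluate`, `POSTED` and `WITH_IMAP` are assumptions of this sketch, address, `flags` and `user` matching are left out, and the extra rule in `WITH_IMAP` is hypothetical, assuming the IMAP server runs on the firewall host itself.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # "in", "out", or None for both
    iface: Optional[str] = None      # None matches any interface
    protos: Tuple[str, ...] = ()     # empty matches any protocol
    sport: Tuple[int, ...] = ()      # empty matches any source port
    dport: Tuple[int, ...] = ()      # empty matches any destination port
    quick: bool = False

    def matches(self, direction, iface, proto, sport, dport):
        return (self.direction in (None, direction)
                and self.iface in (None, iface)
                and (not self.protos or proto in self.protos)
                and (not self.sport or sport in self.sport)
                and (not self.dport or dport in self.dport))


# Filter rules from the posted pf.conf, in order (ext_if=lnc0, int_if=ep0).
# Simplification: address, flags and "user proxy" conditions are not modelled.
POSTED = [
    Rule("block"),                                         # block drop log all
    Rule("pass", iface="lo0", quick=True),                 # pass quick on lo0 all
    Rule("pass", "out", "lnc0", ("tcp",)),                 # outgoing TCP
    Rule("pass", "out", "lnc0", ("udp", "icmp")),          # outgoing UDP/ICMP
    Rule("pass", "out", "lnc0", ("udp",), (68,), (67,)),   # bootstrap
    Rule("pass", "out", "lnc0", ("udp",), (), (53, 123)),  # DNS and NTP
    Rule("pass", "in", "lnc0", ("tcp",), (), (22, 80)),    # SSH and HTTP
    Rule("pass", "in", "lnc0", ("tcp",), (20,)),           # active FTP
]

# Hypothetical extra rule: admit IMAP (TCP 143) arriving on the external interface.
WITH_IMAP = POSTED + [Rule("pass", "in", "lnc0", ("tcp",), (), (143,))]


def evaluate(rules, direction, iface, proto, sport, dport):
    """Return the verdict for the first packet of a connection.

    pf semantics: the last matching rule wins, unless a "quick" rule matches.
    """
    verdict = "pass"  # pf's implicit default when no rule matches
    for rule in rules:
        if rule.matches(direction, iface, proto, sport, dport):
            verdict = rule.action
            if rule.quick:
                break
    return verdict
```

In this model nothing passes on `ep0` at all, so a connection arriving from the internal network is dropped just like one arriving on `lnc0`.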
