Date: Tue, 28 Jul 2009 16:33:09 +0200
From: Erik Norgaard <norgaard@locolomo.org>
To: Jay Hall <jhall@socket.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipf rules question
Message-ID: <4A6F0C25.7040400@locolomo.org>
In-Reply-To: <0E15E941-3CC2-4C9B-BAF2-C8910F7592ED@socket.net>
References: <0E15E941-3CC2-4C9B-BAF2-C8910F7592ED@socket.net>

Jay Hall wrote:
> And, following is the output from ipfstat showing the relevant rule(s).
>
> @140 block in quick proto tcp from 82.0.0.0/8 to any port = smtp
>
> If I am looking at everything correctly all traffic coming into the
> system from the 82.0.0.0/8 network to port 25 on the mail server
> should be blocked.
>
> What am I missing?

I can't tell you what you're missing, but we're missing the entire story.
Just because you have a block rule doesn't mean that things will get
blocked if you have a pass rule before. You need to post the entire
ruleset if you want help with that.

Evidently, things get passed by some other rule; you can get a clue by
adding the log action to all rules passing packets to port 25 or any port.

When adding new rules it is a good idea to add log statements so you can
debug. Once things work, remove them to reduce the noise.

BR, Erik

-- 
Erik Nørgaard
Ph: +34.666334818/+34.915211157
http://www.locolomo.org
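
An added illustration of the reply above, not part of the message and not ipf code: a simplified Python model of ipf rule selection (rules read top to bottom, last match decides, a matching `quick` rule stops the search) applied to a constructed ruleset in which an earlier `pass ... quick` rule shadows the block rule from the thread. The first rule, the sample address, the default-pass policy and all function names are assumptions; `log` on the pass rule is what reveals which rule let the packet through.

```python
import ipaddress
import re

PORTS = {"smtp": 25}  # service names this model understands

# Subset of ipf syntax, enough for the rule quoted in the thread.
RULE_RE = re.compile(
    r"(?P<action>pass|block) in (?P<log>log )?(?P<quick>quick )?proto tcp "
    r"from (?P<src>\S+) to any(?: port = (?P<port>\w+))?"
)

def parse(line):
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported rule: {line!r}")
    src = "0.0.0.0/0" if m["src"] == "any" else m["src"]
    port = m["port"]
    return {
        "action": m["action"],
        "log": bool(m["log"]),
        "quick": bool(m["quick"]),
        "src": ipaddress.ip_network(src),
        "port": int(PORTS.get(port, port)) if port else None,
    }

def evaluate(ruleset, src_ip, dst_port):
    """Return (action, deciding rule number, log lines) for one inbound TCP packet."""
    decision, decider, logged = "pass", None, []  # assumed default policy: pass
    for number, line in enumerate(ruleset, start=1):
        rule = parse(line)
        if ipaddress.ip_address(src_ip) not in rule["src"]:
            continue
        if rule["port"] is not None and rule["port"] != dst_port:
            continue
        decision, decider = rule["action"], number  # last match so far
        if rule["log"]:
            logged.append(f"@{number} {rule['action']} {src_ip} -> port {dst_port}")
        if rule["quick"]:
            break  # quick: stop here, later rules are never consulted
    return decision, decider, logged

# Constructed ruleset: only the second rule is taken from the thread.
RULES = [
    "pass in log quick proto tcp from any to any port = 25",
    "block in quick proto tcp from 82.0.0.0/8 to any port = smtp",
]

if __name__ == "__main__":
    print(evaluate(RULES, "82.10.20.30", 25))      # shadowed by rule 1
    print(evaluate(RULES[1:], "82.10.20.30", 25))  # block rule alone
```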