Re: how to get IPFW rules for SMTP server behind NAT server "right"? (freebsd-security: message 1 of 20)
From: Dorin H (bj93542_at_yahoo.com)
Date: 11/23/03
- Previous message: OpenMacNews: "asdfasdf"
- In reply to: OpenMacNews: "Re: how to get IPFW rules for SMTP server behind NAT server "right"? (freebsd-security: message 1 of 20)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 22 Nov 2003 17:14:05 -0800 (PST)
To: OpenMacNews <freebsd-security.20.openmacnews@spamgourmet.com>
<snip>
> <snip>
>
> hadn't dawned on me to this, so:
>
> ipfw add 7000 allow log tcp from any to ${smtp_server} 25 setup
> ipfw add 7001 allow tcp from any to ${smtp_server} 25 established
> ipfw add 7002 allow log tcp from ${smtp_server} 25 to any setup
> ipfw add 7003 allow tcp from ${smtp_server} 25 to any established
>
> right?
Better with dynamic rules... you don't want any packet
directed to ${smtp_server} 25 going inside, just those
corresponding to a previously initiated connection
(dropping SYN will allow the packet to pass your
firewall, and it will not even be logged :))
2c.
/Dorin.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
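
An added example, not part of the original message: a simplified Python model of the point made in the reply, that the static `established` rule passes any packet to port 25 with ACK or RST set and does not log it, while a `check-state` / `keep-state` pair passes only packets of a flow opened by a logged SYN. The address values, the default-deny fallthrough and the flow-table representation are assumptions of the model, not ipfw internals.

```python
# Simplified model of ipfw rule matching (constructed example, not ipfw code).
# Addresses are constructed documentation values; flags are sets of strings.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")
SMTP = "192.0.2.25"  # stands in for ${smtp_server} (assumed value)

def is_setup(p):        # ipfw "setup": SYN set, ACK clear
    return "SYN" in p.flags and "ACK" not in p.flags

def is_established(p):  # ipfw "established": ACK or RST set
    return bool({"ACK", "RST"} & p.flags)

def to_smtp(p):
    return p.dst == SMTP and p.dport == 25

def static_rules(p):
    """Inbound half of the quoted rules 7000/7001. Returns (action, logged)."""
    if to_smtp(p) and is_setup(p):
        return ("allow", True)        # 7000: allow log ... setup
    if to_smtp(p) and is_established(p):
        return ("allow", False)       # 7001: allow ... established (no log)
    return ("deny", False)            # assumed default deny

class StatefulRules:
    """Models: check-state, then
    allow log tcp from any to ${smtp_server} 25 setup keep-state"""
    def __init__(self):
        self.flows = set()            # stands in for the dynamic rule table

    @staticmethod
    def key(p):                       # one key for both directions of a flow
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def check(self, p):
        if self.key(p) in self.flows:       # check-state
            return ("allow", False)
        if to_smtp(p) and is_setup(p):      # setup keep-state
            self.flows.add(self.key(p))
            return ("allow", True)
        return ("deny", False)              # assumed default deny

def demo():
    syn = Pkt("198.51.100.7", 40000, SMTP, 25, {"SYN"})
    ack = Pkt("198.51.100.7", 40000, SMTP, 25, {"ACK"})
    stray = Pkt("203.0.113.9", 41000, SMTP, 25, {"ACK"})  # no SYN seen first
    fw = StatefulRules()
    return {"static_stray": static_rules(stray),
            "stateful": [fw.check(syn), fw.check(ack), fw.check(stray)]}
```
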