(This is a huge message, but I felt too much info was better than too little)

Preface: I'm a relative n00b to ipfilter, though I got quite an education when my server was attacked recently by some site in China (which is what got me started using it in the first place). That said, here is the problem, followed at the bottom with details as per the IPfilter FAQ:

After putting in place the ruleset shown at the bottom, I discovered that any email with attachments that's sent to any address at att.net/sbcglobal.net/pacbell.net will not go through. The connection invariably times out. *This does not happen with any other MX servers on the net!* That's what's particularly baffling - if I had a mistake in my ruleset, I'd presume NO mail would go out. I've tweaked and adjusted based on everything I can find out there, to no avail. If I replace the ruleset with

pass in all
pass out all

The mail goes through just fine.

Doing a 'by hand' conversation with any of the aforementioned MX servers reveals that if I pause for more than 20 seconds during the DATA phase, the connection will be closed:

 telnet 207.115.20.21 25
Trying 207.115.20.21...
Connected to 207.115.20.21.
Escape character is '^]'.
220 flpi138.sbcis.sbc.com ESMTP Sendmail 8.13.8 inb/8.13.8; Tue, 29 May 2007 09:59:48 -0700
helo a.mx.anastrophe.com
250 flpi138.sbcis.sbc.com Hello a.mx.anastrophe.com [206.176.249.135], pleased to meet you
mail from: [EMAIL PROTECTED]
250 2.1.0 [EMAIL PROTECTED] Sender ok
rcpt to: [EMAIL PROTECTED]
250 2.1.5 [EMAIL PROTECTED] Recipient ok
data
354 Enter mail, end with "." on a line by itself
421 4.4.1 collect: read timeout on connection from a.mx.anastrophe.com, [EMAIL PROTECTED]
Connection to 207.115.20.21 closed by foreign host.

Now, that twenty seconds is pretty harsh to begin with of course - RFC1123 recommends a minimum of three minutes. But my server's on a fast connection so it shouldn't pose a problem either way. I can send messages with gigantic attachments elsewhere on the net, no problem.

I ran ipmon while the rules were set to 'pass all' and forced the mail queue. Here's the results (traffic to other networks grepped out):


Does anyone have a clue what might be going wrong here? My users need to be able to send mail with attachments to the sbc MX servers. Since such messages go through fine when ipfilter is set to allow all, clearly it's not that sbc is blocking connections from my server for any reason. But also clearly, there's something not right with traffic to these MX servers, since this doesn't happen at all with other mailservers.

Following is the IPfilter FAQ suggested background info:

root-klaatu /etc/ipf% uname -a
SunOS klaatu 5.10 Generic_125100-08 sun4u sparc SUNW,UltraSPARC-IIi-cEngine

root-klaatu /etc/ipf% isainfo -vk
64-bit sparcv9 kernel modules

root-klaatu /etc/ipf% ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 206.176.249.135 netmask fffffff0 broadcast 206.176.249.143
        ether 8:0:20:c1:b7:16
hme0:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 206.176.249.139 netmask fffffff0 broadcast 206.176.249.143
hme1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 206.176.249.136 netmask fffffff0 broadcast 206.176.249.143
        ether 8:0:20:c1:b7:17
hme1:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 206.176.249.138 netmask fffffff0 broadcast 206.176.249.143

root-klaatu /etc/ipf% netstat -nr

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
206.176.249.128      206.176.249.135      U         1    126 hme0
206.176.249.128      206.176.249.136      U         1      0 hme1
206.176.249.128      206.176.249.139      U         1      0 hme0:1
206.176.249.128      206.176.249.138      U         1      0 hme1:1
224.0.0.0            206.176.249.135      U         1      0 hme0
default              206.176.249.129      UG        1  34237
127.0.0.1            127.0.0.1            UH        6  11014 lo0

root-klaatu /etc/ipf% netstat -i
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
lo0   8232 loopback      localhost      206177 0     206177 0     0      0
hme0  1500 a.mx.anastrophe.com a.mx.anastrophe.com 523879 0 548112 0 0 0
hme1  1500 barada.anastrophe.com barada.anastrophe.com 14375 0 335 0 0 0

root-klaatu /etc/ipf% netstat -s -P ip

IPv4    ipForwarding        =     2     ipDefaultTTL        =   255
        ipInReceives        =513740     ipInHdrErrors       =     0
        ipInAddrErrors      =     0     ipInCksumErrs       =     0
        ipForwDatagrams     =     0     ipForwProhibits     =     3
        ipInUnknownProtos   =     0     ipInDiscards        =    44
        ipInDelivers        =190813     ipOutRequests       =549584
        ipOutDiscards       =     0     ipOutNoRoutes       =    39
        ipReasmTimeout      =    60     ipReasmReqds        =     0
        ipReasmOKs          =     0     ipReasmFails        =     0
        ipReasmDuplicates   =     0     ipReasmPartDups     =     0
        ipFragOKs           =     0     ipFragFails         =     0
        ipFragCreates       =     0     ipRoutingDiscards   =     0
        tcpInErrs           =    15     udpNoPorts          =  1060
        udpInCksumErrs      =     2     udpInOverflows      =     0
        rawipInOverflows    =     0     ipsecInSucceeded    =     0
        ipsecInFailed       =     0     ipInIPv6            =     0
        ipOutIPv6           =     0     ipOutSwitchIPv6     =     0

root-klaatu /etc/ipf% ipf -V
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107

root-klaatu /etc/ipf% ipfstat
bad packets:            in 0    out 0
 IPv6 packets:          in 0 out 0
input packets: blocked 2001 passed 513751 nomatch 27 counted 0 short 0
output packets:         blocked 2025 passed 547609 nomatch 33 counted 0 short 0
 input packets logged:  blocked 2 passed 6227
output packets logged:  blocked 15 passed 6540
 packets logged:        input 0 output 0
 log failures:          input 545 output 544
fragment state(in):     kept 0  lost 0  not fragmented 0
fragment state(out):    kept 0  lost 0  not fragmented 0
packet state(in):       kept 44510      lost 26
packet state(out):      kept 46133      lost 0
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  5394    (out):  6106
IN Pullups succeeded:   1094    failed: 0
OUT Pullups succeeded:  708     failed: 0
Fastroute successes:    0       failures:       2
TCP cksum fails(in):    0       (out):  0
IPF Ticks:      269222
Packet log flags set: (0)
        none

root-klaatu /etc/ipf% ipfstat -io
block out all
pass out quick on lo0 all
block out log quick from any to 192.168.0.0/16
block out log quick from any to 172.16.0.0/12
block out log quick from any to 10.0.0.0/8
pass out log quick proto tcp from 206.176.249.128/28 to any port = 113 flags R/FSRPU
pass out quick proto tcp from 206.176.249.128/28 to any flags S/FSRPAU keep state
pass out quick proto udp from 206.176.249.128/28 to any keep state
pass out quick proto icmp from 206.176.249.128/28 to any icmp-type echorep
pass out quick proto icmp from 206.176.249.128/28 to any icmp-type unreach
pass out quick proto icmp from 206.176.249.128/28 to any icmp-type echo
pass out quick proto icmp from 206.176.249.128/28 to any icmp-type timex
block in all
pass in quick on lo0 all
block in log quick from 192.168.0.0/16 to any
block in log quick from 172.16.0.0/12 to any
block in log quick from 10.0.0.0/8 to any
block in log quick on hme0 from 127.0.0.0/8 to any
block in log quick on hme1 from 127.0.0.0/8 to any
block in log quick from any to any with short
block in log from any to any with ipopts
block return-rst in log quick proto tcp from any to 206.176.249.128/28 port = 113
block in log quick from 211.154.104.85/32 to any
pass in quick proto tcp from any to 206.176.249.128/28 port = ftp flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port 32768 >< 65535 flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = smtp flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = spamd-smtp flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = priv-ssh flags S/FSRPAU keep state
pass in quick proto udp from any to 206.176.249.128/28 port = domain keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = httpd flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = pop3 flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = imap flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = submission flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = smtp-alt flags S/FSRPAU keep state
pass in quick proto icmp from any to 206.176.249.128/28 icmp-type echorep
pass in quick proto icmp from any to 206.176.249.128/28 icmp-type unreach
pass in quick proto icmp from any to 206.176.249.128/28 icmp-type echo
pass in quick proto icmp from any to 206.176.249.128/28 icmp-type timex

Please note the following from the output immediately above:
'spamd-smtp' is a private smtp traffic port from my backup MX server to this server, port 26
'smtp-alt' is a legacy 'alternate' smtp port for submission, port 2525
'priv-ssh' is simply ssh run on port 32 so the damned script-kiddie scripts won't relentlessly bang on my server.

And finally, my apologies again for being a n00b.


Paul Theodoropoulos
http://www.anastrophe.com
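An added example, not part of the original post or of IPFilter itself: a small parser for the ipmon text-log layout quoted above that groups the logged packets into flows and flags SMTP sessions that went quiet for longer than the 20-second read timeout the remote MX enforces. The log lines below are constructed to match the post's format (same hosts and ports); the function names and the dataclass are my own.

```python
import re
from dataclasses import dataclass
from datetime import datetime
# One ipmon(1M) text line as quoted in the post; an optional "Nx" after the timestamp means N coalesced packets.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{6}) (?:(?P<count>\d+)x )?"
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len (?P<hlen>\d+) (?P<tlen>\d+)(?: -(?P<flags>[A-Z]+))? (?P<dir>IN|OUT)$"
)

# Constructed sample in the post's format: an SMTP session that falls silent for ~21 s after its
# first data segments and is then torn down, plus one unrelated DNS datagram.
SAMPLE_LOG = """\
29/05/2007 12:23:45.533368 hme0 @0:1 p 206.176.249.135,37627 -> 207.115.20.21,25 PR tcp len 20 52 -S OUT
29/05/2007 12:23:45.550718 hme0 @0:1 p 207.115.20.21,25 -> 206.176.249.135,37627 PR tcp len 20 52 -AS IN
29/05/2007 12:23:46.222551 hme0 @0:1 p 206.176.249.135,37627 -> 207.115.20.21,25 PR tcp len 20 1064 -AP OUT
29/05/2007 12:23:46.224978 2x hme0 @0:1 p 206.176.249.135,37627 -> 207.115.20.21,25 PR tcp len 20 1064 -A OUT
29/05/2007 12:23:46.228886 hme0 @0:1 p 207.115.20.21,25 -> 206.176.249.135,37627 PR tcp len 20 40 -A IN
29/05/2007 12:23:45.629945 hme0 @0:1 p 207.115.20.164,5707 -> 206.176.249.135,53 PR udp len 20 71 IN
29/05/2007 12:24:07.300000 hme0 @0:1 p 207.115.20.21,25 -> 206.176.249.135,37627 PR tcp len 20 133 -AP IN
29/05/2007 12:24:07.302000 hme0 @0:1 p 206.176.249.135,37627 -> 207.115.20.21,25 PR tcp len 20 40 -R OUT
"""

@dataclass
class Flow:
    packets: int = 0
    bytes_out: int = 0
    last: "datetime | None" = None
    max_gap: float = 0.0   # longest silence between two logged packets of this flow, in seconds

def parse_line(line):
    """Return the line's fields as a dict, or None if it is not an ipmon packet line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    p = m.groupdict()
    p["ts"] = datetime.strptime(p["date"] + " " + p["time"], "%d/%m/%Y %H:%M:%S.%f")
    p["count"] = int(p["count"] or 1)
    p["tlen"] = int(p["tlen"])
    return p

def flow_key(p):
    # Direction-independent key (proto, ip, port, ip, port) so IN and OUT lines land in one flow.
    a, b = (p["src"], int(p["sport"])), (p["dst"], int(p["dport"]))
    return (p["proto"],) + (a + b if a < b else b + a)

def summarise(lines):
    """Group passed packets into flows, tracking packet count, bytes sent and the longest idle gap."""
    flows = {}
    for line in lines:
        p = parse_line(line)
        if p is None or p["action"] != "p":   # 'p' = passed; 'b' lines would be blocked packets
            continue
        f = flows.setdefault(flow_key(p), Flow())
        if f.last is not None:
            f.max_gap = max(f.max_gap, (p["ts"] - f.last).total_seconds())
        f.last = p["ts"]
        f.packets += p["count"]
        if p["dir"] == "OUT":
            f.bytes_out += p["count"] * p["tlen"]
    return flows

def stalled_smtp_flows(lines, idle_limit=20.0, smtp_port=25):
    """Keys of TCP flows on smtp_port that sat idle longer than the remote MX's read timeout."""
    return [k for k, f in summarise(lines).items()
            if k[0] == "tcp" and smtp_port in (k[2], k[4]) and f.max_gap > idle_limit]
```

Run it over a real ipmon capture (one packet per line) to see where in the session the silence starts, and whether it is on the sending or receiving side.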
