On Tue, 29 May 2007 14:24 -0700, ipfilter wrote:

Personally "don't know if you will like this approach to the matter..."
but I would add a rule to the top of this file specifically for smtp
traffic just during your testing phase (debug) of your ruleset.

pass out quick on %IFACE% from %IP/MASK% to any port = 25 keep state

and then test that rule by sending out some mail to the place it's not
going to. If mail has not been sent out then the problem is more than
likely with the port "maybe (smtps:465)". You might also have to
unblock (submission:587). Now if your mail goes through then just move
that rule down by 1 and test again until your mail does not go through
and then you'll know at least which rule is affecting your transfers.

Preferably I would unblock out:25,587 and add keep state to both of those
with no flags for the meantime or at least add flags S keep state.

Don't know how much help this will be to you, but at the moment I don't have time to type much more as I'm trying already to do too many things at once "multi-tasking is way overrated". Anyway, this should at least give you a start. Note: Definitely focus on 25 & 587, separate or together.

Good luck.

root-klaatu /etc/ipf% ipfstat -io
block out all
pass out quick on lo0 all
block out log quick from any to 192.168.0.0/16
block out log quick from any to 172.16.0.0/12
block out log quick from any to 10.0.0.0/8
pass out log quick proto tcp from 206.176.249.128/28 to any port = 113 flags R/FSRPU
pass out quick proto tcp from 206.176.249.128/28 to any flags S/FSRPAU keep state
pass out quick proto udp from 206.176.249.128/28 to any keep state
pass out quick proto icmp from 206.176.249.128/28 to any icmp-type echorep
pass out quick proto icmp from 206.176.249.128/28 to any icmp-type unreach
pass out quick proto icmp from 206.176.249.128/28 to any icmp-type echo
pass out quick proto icmp from 206.176.249.128/28 to any icmp-type timex
block in all
pass in quick on lo0 all
block in log quick from 192.168.0.0/16 to any
block in log quick from 172.16.0.0/12 to any
block in log quick from 10.0.0.0/8 to any
block in log quick on hme0 from 127.0.0.0/8 to any
block in log quick on hme1 from 127.0.0.0/8 to any
block in log quick from any to any with short
block in log from any to any with ipopts
block return-rst in log quick proto tcp from any to 206.176.249.128/28 port = 113
block in log quick from 211.154.104.85/32 to any
pass in quick proto tcp from any to 206.176.249.128/28 port = ftp flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port 32768 >< 65535 flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = smtp flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = spamd-smtp flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = priv-ssh flags S/FSRPAU keep state
pass in quick proto udp from any to 206.176.249.128/28 port = domain keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = httpd flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = pop3 flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = imap flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = submission flags S/FSRPAU keep state
pass in quick proto tcp from any to 206.176.249.128/28 port = smtp-alt flags S/FSRPAU keep state
pass in quick proto icmp from any to 206.176.249.128/28 icmp-type echorep
pass in quick proto icmp from any to 206.176.249.128/28 icmp-type unreach
pass in quick proto icmp from any to 206.176.249.128/28 icmp-type echo
pass in quick proto icmp from any to 206.176.249.128/28 icmp-type timex


--

/*-
 *      @(#)dot.sig     1.6 (Berkeley) 5/9/94
 * $Id: dot.sig,v 1.6.1.3 2000/05/09 06:28:40 wh1tef8 Exp $
 */

#include <copyright.h>
#include <disclaimer.h>
#include <insignia.h>
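
The "move the rule down by 1" test described in the message above can be rehearsed offline. The following is an added example, not part of the original post and not IPFilter code: a small Python model of ipf's last-match/quick evaluation over the outbound TCP/UDP rules listed in this thread. The interface hme0 and the /28 substituted into the debug rule, the packet dictionary layout, and the default-pass fallback are assumptions, and only the rule syntax that appears in those rules is handled.

```python
import ipaddress, re
# Outbound rules from the ipfstat -io output in this thread (ICMP rules omitted,
# they cannot match the TCP SYN modelled here).
OUT_RULES = """\
block out all
pass out quick on lo0 all
block out log quick from any to 192.168.0.0/16
block out log quick from any to 172.16.0.0/12
block out log quick from any to 10.0.0.0/8
pass out log quick proto tcp from 206.176.249.128/28 to any port = 113 flags R/FSRPU
pass out quick proto tcp from 206.176.249.128/28 to any flags S/FSRPAU keep state
pass out quick proto udp from 206.176.249.128/28 to any keep state""".splitlines()
# The post's debug rule; hme0 and the /28 are assumed values for %IFACE% and %IP/MASK%.
DEBUG_RULE = "pass out quick on hme0 from 206.176.249.128/28 to any port = 25 keep state"

def _in(net, ip):
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def matches(rule, pkt):
    """True if the outbound TCP SYN described by pkt matches rule (subset of ipf syntax)."""
    m = re.search(r" on (\S+)", rule)
    if m and m.group(1) != pkt["iface"]:
        return False
    m = re.search(r" proto (\S+)", rule)
    if m and m.group(1) != "tcp":
        return False
    m = re.search(r" from (\S+) to (\S+)", rule)
    if m and not (_in(m.group(1), pkt["src"]) and _in(m.group(2), pkt["dst"])):
        return False
    m = re.search(r" port = (\d+)", rule)
    if m and int(m.group(1)) != pkt["dport"]:
        return False
    m = re.search(r" flags (\w+)", rule)
    return not m or m.group(1) == "S"  # a bare SYN only matches "flags S[/mask]"

def decide(rules, pkt, default="pass"):
    """Last matching rule wins, but 'quick' ends evaluation; default verdict is an assumption."""
    verdict, deciding = default, None
    for rule in rules:
        if matches(rule, pkt):
            verdict, deciding = rule.split()[0], rule
            if " quick" in rule:
                break
    return verdict, deciding

def first_override(rules, pkt):
    """Move DEBUG_RULE down one slot at a time; report the first rule that decides instead."""
    for pos in range(len(rules) + 1):
        verdict, deciding = decide(rules[:pos] + [DEBUG_RULE] + rules[pos:], pkt)
        if deciding != DEBUG_RULE:
            return pos, verdict, deciding
```

Calling `first_override(OUT_RULES, pkt)` with `pkt = {"iface": "hme0", "src": "206.176.249.130", "dst": "10.1.2.3", "dport": 25}` (constructed addresses) returns the position at which the debug rule stops deciding and the rule that took over.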
