On Tue, Dec 17, 2013 at 7:51 PM, Jan Stary <h...@stare.cz> wrote:
>> block in log
>> block out log on $ext
>
> How could anyone help you knowing just these two lines?
> Show your pf.conf
I was trying to show that I only had two block lines and that they both should log when blocking packets. My rules are actually very simple:

    match out on $ext from $int_ip to any nat-to $loki_ext

    block in log
    block out log on $ext

    pass in quick on $int flags any
    pass out on $ext from $lokisafe

    pass in on $ext inet proto tcp to port 4334 rdr-to 127.0.0.1 port ssh

    pass in on $ext inet proto tcp from $mx to $loki_ext port smtp rdr-to $riva port smtp flags any
    pass out on $int inet proto tcp from $mx port smtp flags any

$int and $ext are interfaces on the firewall (loki). $loki_ext is the external IP, $int_ip is the internal /24. $lokisafe is a selection of /24s that I've sometimes used, including the internal network. $riva is my home mail server. $mx is the IP addresses of my hosted MX servers.

With tcpdump, I can see the response to the EHLO greeting leaving riva, arriving on $int, but never making it to $ext. Using HELO instead doesn't prompt the same behaviour.

Tet

-- 
"Java is a DSL for taking large XML files and converting them to stack traces" -- Bulat Shakirzyanov
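For readers following the thread, here is the posted ruleset as a complete, loadable pf.conf. This is an added example, not the poster's actual /etc/pf.conf: the interface names and addresses assigned to the macros are made up (documentation ranges), and the comments only state what pf does with each rule as written, not a diagnosis of the SMTP problem.

```pf
# Added example: the rules quoted in the mail above, with assumed macro
# values so the file passes "pfctl -nf". Replace every value with the real one.
ext      = "em0"                       # assumed: external interface of loki
int      = "em1"                       # assumed: internal interface of loki
loki_ext = "203.0.113.10"              # assumed: external IP of loki
int_ip   = "192.168.1.0/24"            # assumed: internal /24
lokisafe = "{ 192.168.1.0/24, 192.168.2.0/24 }"  # assumed: networks allowed out
riva     = "192.168.1.25"              # assumed: home mail server
mx       = "{ 198.51.100.5, 198.51.100.6 }"      # assumed: hosted MX servers

# NAT for the internal network. A match rule only attaches the nat-to
# action; the packet still has to be allowed by a later pass rule.
match out on $ext from $int_ip to any nat-to $loki_ext

# Default deny. "block in log" has no "on", so it applies to every
# interface; "log" sends the blocked packet to pflog0 with the rule number.
block in log
block out log on $ext

# Internal side: "quick" stops rule evaluation on match; "flags any"
# lets a state be created from any TCP packet, not only an initial SYN.
pass in quick on $int flags any
pass out on $ext from $lokisafe

# External SSH on 4334, redirected to sshd on the loopback address.
pass in on $ext inet proto tcp to port 4334 rdr-to 127.0.0.1 port ssh

# SMTP from the hosted MX servers only, redirected to riva.
# "from $mx port smtp" matches on the *source* address and source port.
pass in on $ext inet proto tcp from $mx to $loki_ext port smtp rdr-to $riva port smtp flags any
pass out on $int inet proto tcp from $mx port smtp flags any
```

Checks a practitioner would run against this file: `pfctl -nf /etc/pf.conf` to parse it without loading, `pfctl -vvsr` to print the rules with the rule numbers that pflog reports, `tcpdump -n -e -ttt -i pflog0 port smtp` while reproducing the EHLO exchange to see whether either block rule logs the reply packet and on which interface, and `pfctl -ss | grep 25` to confirm whether a state exists for the SMTP connection on both interfaces.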