On Fri, 11 Apr 2008, Curtis LaMasters spaketh thusly:

-}Easy solution...block destination ports in the IN of the interface that the
-}computers/servers are connected...i.e. on your lan interface you have 1
-}email server and 100 computers...create a rule to only allow email from a
-}single server and then make another rule denying anything else.  In Cisco
-}world you would do something like this:
-}
-}[router]
-}ip access-list extended onlysmtpsvrs
-} permit tcp host 192.168.1.10 any eq 25
-} deny tcp any any eq 25
-} ! final permit: without it the implicit deny drops all non-SMTP traffic
-} permit ip any any
-}
-}interface Ethernet0
-} ip access-group onlysmtpsvrs in
-}
-}[pix or asa]
-}access-list onlysmtpsvrs permit tcp host 192.168.1.10 any eq 25
-}access-list onlysmtpsvrs deny tcp any any eq 25
-}access-list onlysmtpsvrs permit ip any any
-}
-}access-group onlysmtpsvrs in interface inside
-}
-}On pfSense you simple create a rule before your * * * * * * rule stating you
-}want to allow smtp from one server and deny it for the rest with your * * *
-}* * * being your last rule.

Oh score.  I found what was up.  I found in the docs that one must select
a protocol type, then do each type individually.  Selecting e.g. tcp or udp
allows one to set dest ports and port ranges.  And I have verified that at
least the tcp blocks do indeed work.

Score score score score score score score score score score score score score
score score.

--
 Randy    ([EMAIL PROTECTED])      765.983.1283         <*>

Love with your heart, think with your head;  not the other way around.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
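The two rule sets in this exchange (allow SMTP from one mail server, block SMTP from every other LAN host, then pass everything else) and the point Randy ran into (a destination port can only be set once a protocol is chosen) are easy to get wrong in one specific way: leaving off the final catch-all, so that the implicit deny at the end of the ACL silently drops all other traffic. The following is an added illustration, not code from this thread, pfSense or Cisco; it is a small first-match rule evaluator with constructed addresses (192.168.1.10 is the mail server as in the thread, the other hosts are made up) that shows both the working policy and the broken variant side by side.

```python
"""First-match egress ACL model for the SMTP-restriction rule set above.

Constructed example: it mimics how pfSense/pf (and a Cisco ACL) walk an
ordered rule list and stop at the first match, with an implicit deny at
the end. Host addresses and rules are made up for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

PortSpec = Optional[Tuple[int, int]]  # inclusive range, None = any port


@dataclass(frozen=True)
class Rule:
    action: str             # "pass" or "block"
    proto: str              # "tcp", "udp", or "any"
    src: str                # CIDR or "any"
    dst: str                # CIDR or "any"
    dport: PortSpec = None  # only meaningful for tcp/udp

    def __post_init__(self):
        if self.action not in ("pass", "block"):
            raise ValueError(f"bad action {self.action!r}")
        if self.proto not in ("tcp", "udp", "any"):
            raise ValueError(f"bad proto {self.proto!r}")
        # Same constraint the original poster ran into: a destination
        # port only makes sense once a transport protocol is selected.
        if self.dport is not None and self.proto == "any":
            raise ValueError("a port range requires proto tcp or udp")

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        if self.src != "any" and ip_address(src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(dst) not in ip_network(self.dst):
            return False
        if self.dport is not None:
            lo, hi = self.dport
            if not lo <= dport <= hi:
                return False
        return True


def evaluate(rules: List[Rule], proto: str, src: str, dst: str, dport: int) -> str:
    """Return the action of the first matching rule, or "block" (implicit deny)."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "block"


MAIL_SERVER = "192.168.1.10"  # constructed address, as in the thread

# Inbound-on-LAN rule set from the thread: SMTP from the mail server only,
# SMTP from everyone else blocked, everything else passed by the final
# catch-all (the pfSense "* * * * * *" rule).
SMTP_RULES = [
    Rule("pass",  "tcp", f"{MAIL_SERVER}/32", "any", (25, 25)),
    Rule("block", "tcp", "any",              "any", (25, 25)),
    Rule("pass",  "any", "any",              "any"),
]

# The same list without the catch-all: looks equivalent on paper, but the
# implicit deny at the end now drops all non-SMTP traffic too.
SMTP_RULES_NO_CATCHALL = SMTP_RULES[:2]


def smtp_policy_check(rules=SMTP_RULES) -> dict:
    """Exercise the policy with a few constructed flows and return the verdicts."""
    return {
        "mail_server_smtp": evaluate(rules, "tcp", MAIL_SERVER, "203.0.113.5", 25),
        "workstation_smtp": evaluate(rules, "tcp", "192.168.1.77", "203.0.113.5", 25),
        "workstation_https": evaluate(rules, "tcp", "192.168.1.77", "203.0.113.5", 443),
        "workstation_dns_udp": evaluate(rules, "udp", "192.168.1.77", "192.168.1.1", 53),
    }


if __name__ == "__main__":
    for name, verdict in smtp_policy_check().items():
        print(f"{name:22s} {verdict}")
    print("without catch-all:", smtp_policy_check(SMTP_RULES_NO_CATCHALL))
```

Running it shows the mail server passing on port 25, the workstation blocked on 25 but passed on 443 and UDP 53; with the catch-all removed, only the mail server's SMTP survives, which is the symptom to look for when "blocking port 25" suddenly breaks web browsing and DNS for the whole LAN.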