On Dec 18 02:11:55, tet...@gmail.com wrote:
> On Tue, Dec 17, 2013 at 7:51 PM, Jan Stary <h...@stare.cz> wrote:
> 
> >> block in log
> >> block out log on $ext
> >
> > How could anyone help you knowing just these two lines?
> > Show your pf.conf
> 
> I was trying to show that I only had two block lines and that they
> both should log when blocking packets. My rules are actually very
> simple:
> 
>     match out on $ext from $int_ip to any nat-to $loki_ext
> 
>     block in log
>     block out log on $ext
> 
>     pass in quick on $int flags any
> 
>     pass out on $ext from $lokisafe
> 
>     pass in on $ext inet proto tcp to port 4334 rdr-to 127.0.0.1 port ssh
>     pass in on $ext inet proto tcp from $mx to $loki_ext port smtp rdr-to $riva port smtp flags any
> 
>     pass out on $int inet proto tcp from $mx port smtp flags any

Firstly, why don't you drop the "flags any" everywhere?


> $int and $ext are interfaces on the firewall (loki). $loki_ext is the
> external IP, $int_ip is the internal /24. $lokisafe is a selection of
> /24s that I've sometimes used, including the internal network. $riva
> is my home mail server. $mx is the IP addresses of my hosted MX
> servers.

So $riva is a member of $lokisafe, right?

> With tcpdump, I can see the response to the EHLO greeting leaving
> riva, arriving on $int, but never making it to $ext. Using HELO
> instead doesn't prompt the same behaviour.
> 
> Tet
> 
> -- 
> "Java is a DSL for taking large XML files and converting them to stack
> traces" -- Bulat Shakirzyanov