Could you please explain whether tcpdum should see a packet dropped on ipfw?
Does it look before or after ipfw?
tcpdump -vvv port 25 shows nothing when port is blocked on ipfw (security log
shows droped packets).
Also, is there a way to to see uid/gid on the packet in ipfw log?
Alternatively, can tcpdump show uid/gid of the packet (before ipfw)? I don't
see uid/gid when use tcpdump -vvv port 25. Is there a way to understand if
packet does't have uid/gid or it just not shown?
I can't figure out a good rule to protect access to port 25 for other than
sendmail (yep, native sendmail). The obvious
${ipfw} add allow tcp from me to any 25 out gid smmsp setup keep-state
:emailfromme
doesn't work (email is not sent out,but dropped on the ipfw by the last deny
rule). Seems like the packet sent by sendmail doesn't belong to snmmsp group.
I have tried gid operator gid mail gid smmsp gid wheel - won't help.
How to debug?
--
Oleg
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
