hi,

i've set up pf+spamd on FreeBSD 6.2-RELEASE.

IPs that i've blocked seem to be sneaking through to spamd ... not
always, apparently :-/

i'm guessing i've borked config, or there's an overflow of something
... dunno, yet.

i've config'd pf as follows,

 pf.conf
 --------------------------
 ...
 # OPTIONS
 set block-policy drop
 set optimization aggressive
 set state-policy if-bound
 ...
 # NORMALIZE
 scrub in all
 ...
 # TRANSLATE/REDIRECT
 nat       on $ext_if           from $int_if:network  to any -> ($ext_if)
 ...
 rdr       on $ext_if proto tcp from <mail-white>     to $SMTP_WAN port 25 -> $SMTP_LAN port 25
 rdr pass  on $ext_if proto tcp from { <spamd>, !<ip-black> } \
                                                      to ($ext_if) port 25 -> 127.0.0.1 port 8025
 rdr pass  on $ext_if proto tcp from { !<spamd-white>, !<ip-black> } \
                                                      to ($ext_if) port 25 -> 127.0.0.1 port 8025
 rdr       on $ext_if proto tcp from <spamd-white>    to $SMTP_WAN port 25 -> $SMTP_LAN port 25
 ...
 # FILTER
 block    log quick                      from { <ip-black> } to any
 block    log       all
 pass in  log quick on $ext_if proto tcp from { <mail-white>, <spamd-white> } \
                                                             to $SMTP_LAN port 25 flags S/SFRA keep state
 pass out log quick on $ext_if proto tcp from any            to port 25 flags S/SFRA keep state
 ...
 --------------------------


so, iiuc, anything in <ip-black> should NEVER be redirected to spamd,
AND would be blocked anyway by the subsequent default filter ...

but, in my spamd log i'm seeing,

 Apr 27 10:40:47 router spamd[984]: (GREY) 86.105.76.208: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
 Apr 27 10:40:47 router spamd[984]: 86.105.76.208: disconnected after 1 seconds.


checking,

        % pfctl -t ip-black -T show | grep 86.104.0.0/14
                86.104.0.0/14

where,

        % whatmask 86.104.0.0/14 | grep "t Usable"
                First Usable IP Address = .....: 86.104.0.1
                Last Usable IP Address = ......: 86.107.255.254

so, why is the addr in question, 86.105.76.208, even getting to spamd?

any suggestions are appreciated!

thanks.
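An added example, not part of the original post: a small Python model of how pfctl expands a `{ }` list into one rule per element (so the elements are OR'ed, not AND'ed), applied to the four rdr rules quoted above. Only the `<ip-black>` entry is taken from the post; the other tables are assumed empty, destination matching is left out, and all function names are hypothetical.

```python
import ipaddress

# Table contents. Only the <ip-black> entry comes from the post; the other
# tables are assumed empty for this constructed sample.
TABLES = {
    "mail-white": [],
    "spamd": [],
    "spamd-white": [],
    "ip-black": ["86.104.0.0/14"],
}

# The four rdr rules from the post, in order: (source list, redirect target).
# Each source term is (negated, table name).
RDR_RULES = [
    ([(False, "mail-white")], "$SMTP_LAN:25"),
    ([(False, "spamd"), (True, "ip-black")], "127.0.0.1:8025"),
    ([(True, "spamd-white"), (True, "ip-black")], "127.0.0.1:8025"),
    ([(False, "spamd-white")], "$SMTP_LAN:25"),
]

def in_table(ip, table):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in TABLES[table])

def term_matches(ip, term):
    negated, table = term
    return in_table(ip, table) != negated

def expand(rules):
    """Model of list expansion: one rule per list element, order preserved."""
    return [([term], target) for terms, target in rules for term in terms]

def first_rdr(ip, rules):
    """Translation rules are first-match: return the winning (terms, target)."""
    for terms, target in rules:
        if all(term_matches(ip, t) for t in terms):
            return terms, target
    return None

def as_loaded(ip):
    # What the expanded ruleset does with a source address.
    return first_rdr(ip, expand(RDR_RULES))

def as_intended(ip):
    # The reading in the post: every term inside one list must hold at once.
    return first_rdr(ip, RDR_RULES)
```

Because the matching rule is `rdr pass`, the redirected connection skips the filter rules, so `block log quick from { <ip-black> }` is never evaluated for it.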