On Thu, Sep 25, 2025 at 10:27:52AM +0300, kasak wrote:
> Hello misc!
> I want to deny the use of port 25 from LAN to WAN. I need some advice
> here.
Really depends on the rest of the ruleset, generally high in pf ruleset:
# permit smtp to smarthost without checking later rules
pass in quick on $if_int proto tcp from $lan to $smarthost port 25
# block and log smtp to any other host without checking later rules
block in log quick on $if_int proto tcp from $lan to any port 25
later you can see who spammed by tcpdumping pflog:
tcpdump -neqtttr /var/log/pflog port 25
--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.
Marko Cupać
https://www.mimar.rs/
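
Added example, not part of the original message: a small sh/awk filter that takes the text printed by the tcpdump command above and counts blocked port-25 attempts per LAN source address. The sample lines are constructed, the function names are hypothetical, and the line layout ("rule N/(match) block in on IF: src.port > dst.port:") is an assumption about how tcpdump prints pflog entries.

```shell
#!/bin/sh
# Usage (assumed): tcpdump -neqtttr /var/log/pflog port 25 | smtp_block_summary
# Output columns: attempts, distinct destinations, source address.

smtp_block_summary() {
    awk '
    {
        # Locate the "src > dst:" pair; its position varies with the timestamp format.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next                 # not a packet line
        blocked = 0
        for (j = 1; j < i; j++) if ($j == "block") blocked = 1
        if (!blocked) next                # only count packets the block rule logged
        src = $(i - 1); dst = $(i + 1)
        sub(/:$/, "", dst)
        if (dst !~ /\.25$/) next          # "port 25" also matches source port 25; skip those
        sub(/\.[0-9]+$/, "", src)         # strip source port
        sub(/\.[0-9]+$/, "", dst)         # strip destination port
        count[src]++
        if (!seen[src, dst]++) ndst[src]++
    }
    END {
        for (s in count) printf "%d %d %s\n", count[s], ndst[s], s
    }' | sort -k1,1nr -k3,3
}

# Constructed sample input (documentation address ranges, made-up rule number).
sample_pflog_lines() {
    cat <<'EOF'
Sep 25 10:30:01.101010 rule 5/(match) block in on em1: 192.168.1.23.51234 > 203.0.113.5.25: tcp 0 (DF)
Sep 25 10:30:02.202020 rule 5/(match) block in on em1: 192.168.1.23.51235 > 198.51.100.7.25: tcp 0 (DF)
Sep 25 10:30:03.303030 rule 5/(match) block in on em1: 192.168.1.23.51236 > 203.0.113.5.25: tcp 0 (DF)
Sep 25 10:31:10.404040 rule 5/(match) block in on em1: 192.168.1.40.40100 > 203.0.113.5.25: tcp 0 (DF)
Sep 25 10:32:00.505050 rule 5/(match) block in on em1: 192.168.1.40.25 > 203.0.113.9.443: tcp 0
EOF
}

sample_pflog_lines | smtp_block_summary
```

A host with many attempts spread over many distinct destinations is the one to look at first; a single repeated destination is more often a misconfigured mail client.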