Edy <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying to configure spamd on the current bridge PF firewall which
> is running on OpenBSD 4.0
>
> fxp0 and fxp1 both are set up as bridge interfaces
>
> the following is the rdr rule for spamd
>
> ## Spamd Stuff
> # Table that spamd updates
> table <spamd> persist
> table <spamd-white> persist file "/etc/whitelist.txt"
> # If not on whitelist, redirect to spamd
> rdr pass on $ext_if inet proto tcp from !<spamd-white> to any \
> port smtp -> 127.0.0.1 port spamd
> # Because this is a bridge, explicit route to this machine
> pass out route-to lo0 proto tcp from any to 127.0.0.1 port spamd

Try this fragment instead; note that there is no pass in rdr
and the route-to is applied to an incoming packet. Using
tags to match nat/rdr rules to filter rules is much easier.

# If not on whitelist, redirect to spamd
rdr on $ext_if inet proto tcp from !<spamd-white> to any \
    port smtp tag SPAMD -> 127.0.0.1 port spamd
pass in route-to lo0 tagged SPAMD keep state

Can