2008/12/1 Jay Torrini <[EMAIL PROTECTED]>:
> Just need to know what to let in.
>
> ext_if="dc0"
> trusted = "REMOVED"
> webports = "{ http }"
> table <blockedips> persist file "/etc/pf.blockedip.conf"
>
> set block-policy return
> set optimization aggressive
> scrub in all
>
> antispoof for $ext_if
>
> pass in quick on $ext_if inet proto tcp from $trusted to $ext_if port ssh
>
> block in log (all) all
>
> block in quick from <blockedips>
>
> pass in on $ext_if proto tcp from any to $ext_if port $webports
>
> pass in on $ext_if inet proto tcp from any to any port domain
> pass in on $ext_if inet proto tcp from any to any port smtp

Jason has given you this short answer before you posted your pf.conf:
> pass out on $ext_if from ($ext_if) to any port smtp

If I understand you correctly, then PF and sendmail are running on the
same host and you'd like to send emails from that host to somewhere
else. This means you have, in the first instance, to allow smtp
traffic OUT. (Once state is established, the conversation with the
other MTA will proceed anyway, and replies from the remote MTA will be
let through.) None of your quoted rules appear to allow smtp traffic
OUT, just in but that's irrelevant, for the said reason. Jason's rule
should sort you out.

'Hope I'm not mistaken/overlooking something, and 'hope this helps,
Cheers,
--ropers
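To make the stateful-filtering point concrete, here is an added example ruleset (not Jay's posted pf.conf and not something ropers or Jason wrote) for a host that runs its own MTA behind pf. It keeps Jay's structure but makes outbound policy explicit with a `block out` default, so the one `pass out ... port smtp` rule is visibly what lets the MTA deliver mail; the state that rule creates is what admits the remote MTA's replies, so no extra `pass in` is needed for them. The interface name and the trusted address are placeholders.

```pf
# Added example, not the ruleset posted in this thread. Interface name and
# trusted address are placeholders; adjust to the real host.
ext_if = "dc0"
trusted = "192.0.2.10"          # placeholder for the admin's source address
webports = "{ http }"
table <blockedips> persist file "/etc/pf.blockedip.conf"

set block-policy return
set skip on lo0
scrub in all

antispoof quick for $ext_if

# Default deny in both directions so every permitted flow is explicit
# and shows up in the log when it is missing.
block in log all
block out log all

# Administrative ssh from the trusted host, then the blocklist.
pass in quick on $ext_if inet proto tcp from $trusted to ($ext_if) port ssh keep state
block in quick from <blockedips>

# Inbound services offered by this host. 'keep state' lets the reply
# packets of each accepted connection back out past 'block out'.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $webports keep state
pass in on $ext_if inet proto { tcp udp } from any to ($ext_if) port domain keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) port smtp keep state

# Outbound mail from the local MTA (Jason's rule). The state entry created
# when sendmail opens the connection admits the remote MTA's replies, so
# no further 'pass in' rule is required for them.
pass out on $ext_if inet proto tcp from ($ext_if) to any port smtp keep state

# Outbound DNS so the MTA can look up MX records of the destination domain.
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port domain keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; while a message is being delivered, `pfctl -ss` shows the port 25 state entry that carries the conversation in both directions, and anything still being dropped appears in `tcpdump -n -e -ttt -i pflog0` because both default block rules log.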
