Re: I need help with pf and smtpd.conf to deal with an ongoing attack on port 25 that is sending out emails.

2025-04-30 Thread Chris Bennett
> Sent: Tuesday, April 29, 2025 at 1:35 AM > From: "Zé Loff" > To: "ed bennett" > Cc: "misc@openbsd.org" > Subject: Re: I need help with pf and smtpd.conf to deal with an ongoing > attack on port 25 that is sending out emails. > > On M

Re: I need help with pf and smtpd.conf to deal with an ongoing attack on port 25 that is sending out emails.

2025-04-30 Thread rakete
>Apart from that, you might be able to do something different with your >MTA: you can configure it to listen on the egress interface, allowing >only for local delivery, *and* to listen on lo0, allowing those messages >to be forwarded. This shouldn't be too hard to do with OpenSMTPD. Shouldn't a U

Re: I need help with pf and smtpd.conf to deal with an ongoing attack on port 25 that is sending out emails.

2025-04-30 Thread Craig Skinner
Open Mail Relay: Why It Is Considered A Spammer's Dream https://www.duocircle.com/content/mail-relay-smtp/open-mail-relay An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anybody on the Internet to send e-mail through it https://en.wikipe

Re: I need help with pf and smtpd.conf to deal with an ongoing attack on port 25 that is sending out emails.

2025-04-29 Thread Zé Loff
On Mon, Apr 28, 2025 at 12:32:56PM +, ed bennett wrote: > I only want to receive incoming emails and only send emails from the server > itself, > either with scripts or while logged on with ssh. > I've completely blocked port 25 and the submission ports. > With 25 open, I can't even login and

Re: I need help with pf and smtpd.conf to deal with an ongoing attack on port 25 that is sending out emails.

2025-04-28 Thread Peter N. M. Hansteen
On Mon, Apr 28, 2025 at 12:32:56PM +, ed bennett wrote: > I only want to receive incoming emails and only send emails from the server > itself, > either with scripts or while logged on with ssh. > I've completely blocked port 25 and the submission ports. > With 25 open, I can't even login and

I need help with pf and smtpd.conf to deal with an ongoing attack on port 25 that is sending out emails.

2025-04-28 Thread ed bennett
I only want to receive incoming emails and only send emails from the server itself, either with scripts or while logged on with ssh. I've completely blocked port 25 and the submission ports. With 25 open, I can't even login and I have to use IPMI. First what can I do with just pf? I haven't found

Re: help with pf filtering on enc

2017-03-24 Thread Frank Groeneveld
On Tue, Mar 21, 2017, at 16:56, Marko Cupać wrote: > ... > > What exactly I should pass on enc interface so that the above packet > passes? > > Thank you in advance. Hi, You probably need to allow ipencap protocol packets. I also need l2tp packets, but that depends on whether you use it. -- Fran

help with pf filtering on enc

2017-03-21 Thread Marko Cupać
Hi, I have OpenBSD-based branch office router which connects to cisco-based hq router via ipsec-protected gre tunnel (transport mode). If I 'set skip on enc' everything works fine, but I would like to tighten rules on enc a bit as well, not as much for the sake of functionality as for the sake of

Re: help with pf queueing in ipsec over gre

2016-12-02 Thread Marko Cupać
On Fri, 2 Dec 2016 12:14:56 + (UTC) Stuart Henderson wrote: > On 2016-11-25, Marko Cupać wrote: > > Hi, > > > > I'd like to limit bandwidth on gre tunnel protected with ipsec in > > transport mode. > I haven't tried this exact scenario. But I understand the general way > things work and

Re: help with pf queueing in ipsec over gre

2016-12-02 Thread Stuart Henderson
On 2016-11-25, Marko Cupać wrote: > Hi, > > I'd like to limit bandwidth on gre tunnel protected with ipsec in > transport mode. > > I've set single default queue on gre interface, matched everything > that goes out to that queue, and finally passed everything out that > interface: > > # SNIP >

help with pf queueing in ipsec over gre

2016-11-25 Thread Marko Cupać
Hi, I'd like to limit bandwidth on gre tunnel protected with ipsec in transport mode. I've set single default queue on gre interface, matched everything that goes out to that queue, and finally passed everything out that interface: # SNIP queue mother on gre204 bandwidth 25M min 25M max 25M

Re: newbie help with PF. block all, then allowing port 22 doesnt work.

2010-04-22 Thread Andres Salazar
Hello, That solved the issue but I have about 20 rulesets that have the same syntax. I don't see anything yet also about this. Please elaborate. Andres On Thu, Apr 22, 2010 at 3:59 PM, Alexander Hall wrote: > On 04/22/10 18:22, Allie Daneman wrote: >> Why are you doing "from any to (fxp0)" ? Th

Re: newbie help with PF. block all, then allowing port 22 doesnt work.

2010-04-22 Thread Alexander Hall
On 04/22/10 18:22, Allie Daneman wrote: > Why are you doing "from any to (fxp0)" ? That's your problem. Change all I fail to see why that would cause any issues. Care to elaborate? /Alexander > the rules like that to "from any to any" since you're already putting > the rule on that interface and

Re: newbie help with PF. block all, then allowing port 22 doesnt work.

2010-04-22 Thread Allie Daneman
Why are you doing "from any to (fxp0)" ? That's your problem. Change all the rules like that to "from any to any" since you're already putting the rule on that interface and it should fix you up. As long as you're not redirecting you can turn logging on specific rules and see why they're blocki

Re: newbie help with PF. block all, then allowing port 22 doesnt work.

2010-04-22 Thread Andres Salazar
Hello, Yes it loaded properly. Yes I had missed the macro for the external NIC it is included in the original ruleset. t_externa = "fxp0" This is the result for pfctl -sr: match in all scrub (no-df) block drop all pass out all flags S/SA keep state pass out quick on fxp0 inet proto tcp from (f

Re: newbie help with PF. block all, then allowing port 22 doesnt work.

2010-04-21 Thread Daniel Ouellet
## Traffic IN pass in log quick on $t_externa inet proto { tcp, udp } from any to ($t_externa) \ port { 22 8080 } keep state In your pf configuration it doesn't show where you actually define the macro for your interface $t_externa. Are you sure the rules you run are

newbie help with PF. block all, then allowing port 22 doesnt work.

2010-04-21 Thread Andres Salazar
Hello all. I have a ruleset where I am explicitly allowing incoming connections on port 22.. (default is block log all) .. for some weird reason they are getting blocked log says: Apr 21 17:09:49.105052 rule 1/(match) block in on fxp0: my.client.ip.here.54711 > my.server.ip.here.22: S 299965829

Help with PF rules

2010-03-23 Thread Masao Garcia
Hello, I was wondering if someone can help me with PF rules..it doesn't have to be exact syntax-maybe a high level explanation might be enough. Internet | BSD | / \ 192.168.10.0/241

Re: help with pf redirection (openbsd 4.6)

2010-03-19 Thread matteo filippetto
2010/3/17 N. Arley Dealey > Help! I'm obviously overlooking something really obvious but I just can't > see it. > > I'm building my first PF-based router/firewall using OpenBSD 4.6. For now, > what I > need it to do is pretty simple: > >1. Allow all outbound traffic via NAT and allow all inbo

help with pf redirection (openbsd 4.6)

2010-03-17 Thread N. Arley Dealey
Help! I'm obviously overlooking something really obvious but I just can't see it. I'm building my first PF-based router/firewall using OpenBSD 4.6. For now, what I need it to do is pretty simple: 1. Allow all outbound traffic via NAT and allow all inbound responses. 2. Allow only ssh

Re: help with pf and transparent squid

2008-12-30 Thread Giancarlo Razzolini
Stuart Henderson wrote: On 2008-12-30, Giancarlo Razzolini wrote: fRANz wrote: Hi. I've some trouble with this configuration: LAN -- fw (openbsd 4.4) -- adsl router LAN: 192.168.100.0/24 fw int int: sis1 fw int ind: 192.168.100.2 fw ext int: sis0 fw ext ind: 10.0.0.2 router in

Re: help with pf and transparent squid

2008-12-30 Thread Stuart Henderson
On 2008-12-30, Giancarlo Razzolini wrote: > fRANz wrote: >> Hi. >> >> I've some trouble with this configuration: >> >> LAN -- fw (openbsd 4.4) -- adsl router >> >> LAN: 192.168.100.0/24 >> fw int int: sis1 >> fw int ind: 192.168.100.2 >> fw ext int: sis0 >> fw ext ind: 10.0.0.2 >> router int in

Re: help with pf and transparent squid

2008-12-30 Thread Giancarlo Razzolini
fRANz wrote: Hi. I've some trouble with this configuration: LAN -- fw (openbsd 4.4) -- adsl router LAN: 192.168.100.0/24 fw int int: sis1 fw int ind: 192.168.100.2 fw ext int: sis0 fw ext ind: 10.0.0.2 router int ind: 10.0.0.1 I try to configure pf to redirect all web traffic from internal

Re: help with pf and transparent squid

2008-12-26 Thread System Administrator
On 27 Dec 2008 at 1:02, fRANz wrote: > On Fri, Dec 26, 2008 at 7:50 PM, System Administrator > wrote: > > > Here is a hint to simpler life: to avoid asymmetric routing make sure > > that all your redirect (RDR) rules fully traverse the firewall, i.e. the > > source and destination are connected t

Re: help with pf and transparent squid

2008-12-26 Thread fRANz
On Fri, Dec 26, 2008 at 7:50 PM, System Administrator wrote: > Here is a hint to simpler life: to avoid asymmetric routing make sure > that all your redirect (RDR) rules fully traverse the firewall, i.e. the > source and destination are connected to different interfaces. In your > case that would m

Re: help with pf and transparent squid

2008-12-26 Thread System Administrator
What you are attempting is known as "asymmetric routing". An extensive search of the archives will show that it has been discussed a number of times, and the configuration you are attempting _can_ be made to work. However, to get it working [properly] requires a fairly advanced routing and pf kn

help with pf and transparent squid

2008-12-26 Thread fRANz
Hi. I've some trouble with this configuration: LAN -- fw (openbsd 4.4) -- adsl router LAN: 192.168.100.0/24 fw int int: sis1 fw int ind: 192.168.100.2 fw ext int: sis0 fw ext ind: 10.0.0.2 router int ind: 10.0.0.1 I try to configure pf to redirect all web traffic from internal lan to an interna

Help with pf

2008-09-26 Thread Ricardo Augusto de Souza
# pfctl -e pf enabled # ping www.terra.com.br PING www.terra.com.br (200.176.3.142): 56 data bytes ping: sendto: No route to host ping: wrote www.terra.com.br 64 chars, ret=-1 ping: sendto: No route to host ping: wrote www.terra.com.br 64 chars, ret=-1 --- www.terra.com.br ping statistics -

Re: help with pf

2008-01-25 Thread Kevin
Just passing through while looking for something else, but can help: Aaron proficuous.com> writes: > my pf.conf: > ... > pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https smtp imap imaps domain } to any > ... > pass in on fxp3 inet proto udp from $lan_net port { domain ntp }

Re: help with pf

2007-12-02 Thread Rosen Iliev
Hi Aaron, The problem is that you pass based on src not destination: pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https smtp imap imaps domain } to any it should be pass in on fxp3 inet proto tcp from $lan_net to port { ssh www ntp https smtp imap imaps domain } Also be a

Re: help with pf

2007-12-01 Thread Aaron
Preston Norvell wrote: On 2007/12/01 3:04 PM, "Aaron" <[EMAIL PROTECTED]> muttered eloquently: I believe I see the issue with general traffic flow. The clue being that you are being blocked by the generic block drop in log rule (you can get rule numbers with 'pfctl -vvsr'). You have the destin

Re: help with pf

2007-12-01 Thread Preston Norvell
On 2007/12/01 3:04 PM, "Aaron" <[EMAIL PROTECTED]> muttered eloquently: I believe I see the issue with general traffic flow. The clue being that you are being blocked by the generic block drop in log rule (you can get rule numbers with 'pfctl -vvsr'). You have the destination port on the source

help with pf

2007-12-01 Thread Aaron
I have decided to switch my linux routers over to openbsd and as such need to have pf up and running on them. I have a test network that I am testing this on and am having some issues getting things working as expected.. My network configuration is as follows: my ascii art sux so i'll try to

help with pf DIOCADDSTATE

2007-11-08 Thread Raja Subramanian
Hi All, I'm trying to insert arbitrary pf state entries from my userland app. I've repeatedly crashed my 4.2 box with bad pf ioctl DIOCADDSTATE calls, and find it difficult to progress any further. Does anyone have some sample code I can learn from? TIA, - Raja

Re: nedd help with pf

2007-10-27 Thread Henning Brauer
* david l goodrich <[EMAIL PROTECTED]> [2007-10-26 15:02]: > On Fri, 26 Oct 2007 15:13:19 +0300, "Mindaugas" <[EMAIL PROTECTED]> > wrote: > > Hi, > > > > > > > > Situation, I have table abusers : table persist > > > > And pf rule which uses it, so my question is > > > > How to set max host li

Re: nedd help with pf

2007-10-26 Thread david l goodrich
On Fri, 26 Oct 2007 15:13:19 +0300, "Mindaugas" <[EMAIL PROTECTED]> wrote: > Hi, > > > > Situation, I have table abusers : table persist > > And pf rule which uses it, so my question is > > How to set max host life time in table, without using pfctl -T expire > number > table? After patching

Re: nedd help with pf

2007-10-26 Thread Peter N. M. Hansteen
"Mindaugas" <[EMAIL PROTECTED]> writes: > How to set max host life time in table, without using pfctl -T expire number > table? There is AFAIK currently no way to specify that in pf.conf itself. Then again, it doesn't take much energy to run a pfctl expire from cron job every some minutes or s

nedd help with pf

2007-10-26 Thread Mindaugas
Hi, Situation, I have table abusers : table persist And pf rule which uses it, so my question is How to set max host life time in table, without using pfctl -T expire number table?

Help with pf address translation

2007-06-20 Thread Albert Chin
We have ipsec running on an internal firewall, with packets being routed to the internal firewall via an external firewall. We wish to move off of the internal 192.168.11.0/24 network and onto a net-10 network. What pf rules do we need to automatically translate between a net-10 block and the inter

Re: need help with pf tcpdump

2006-02-06 Thread Joachim Schipper
On Mon, Feb 06, 2006 at 01:10:20AM -0800, David Benfell wrote: > Hello all, > > I'm trying to debug my packet filtering rules. The problem is that > messages sent from my internal network are not getting through to the > SMTP host on my OpenBSD 3.8-CURRENT system. > > The only output I'm getting

Re: need help with pf tcpdump

2006-02-06 Thread Peter
--- David Benfell <[EMAIL PROTECTED]> wrote: > Hello all, > > I'm trying to debug my packet filtering rules. The problem is that > messages sent from my internal network are not getting through to the > SMTP host on my OpenBSD 3.8-CURRENT system. A common debugging approach is to log on all blo

need help with pf tcpdump

2006-02-06 Thread David Benfell
Hello all, I'm trying to debug my packet filtering rules. The problem is that messages sent from my internal network are not getting through to the SMTP host on my OpenBSD 3.8-CURRENT system. The only output I'm getting from tcpdump is: Feb 06 00:56:09.237698 0:3:93:eb:21:f2 0:a0:cc:65:ba:d0 080