[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CIDR notation - pass in proto tcp from any os "OpenBSD" to any port 25



Am Samstag, 9. Oktober 2004 06:30 schrieb Kevin:
> On Fri, 8 Oct 2004 12:12:08 +0200, i.t Consulting
..
> As mentioned in the OnLamp interview
> (http://www.onlamp.com/pub/a/bsd/2004/04/15/pf_developers.html?page=2)
> table efficiency in 'pf' has improved massively in recent releases;
> tables of over 100K entries are no problem under 3.5.
>
> The real resource hogs on this machine are running SpamAssassin and
> ClamAV both under systrace.  if anything, the 'pf' ruleset helps out
> by keeping down the volume of mass-mailer worms from dial-up, home
> broadband, and similar networks.
a similar angle of view as compared to my initial one (saving bandwith, 
ressources etc.)...
thanks for the comments who have born some new ideas in my head and may save 
me some time and efforts in the future, e.g.
# pflog:
Oct 09 07:22:06.280840 rule 11/0(match): block in on wl0: 61.81.140.100.4602 > 
thum.ath.cx.smtp: S (src OS: Windows 2000, Windows XP) 657166243:657166243(0) 
win 64800 <mss 1400,nop,nop,sackOK> (DF)
results from rule 11:
@11 block drop in log quick on wl0 proto tcp from <bport25:26> to any port = 
smtp
  [ Evaluations: 192       Packets: 3         Bytes: 144         States: 0   ]
(bloecke.port25:61.0.0.0/8)
so I can make this rule (for PDL also :- ) a bit smarter:
pass in proto tcp from any os "OpenBSD" to any port 25 flags S/SA
more diplomatic (Dragonfly still excluded):
 pass in log quick proto tcp from any os "*BSD" to any port 25 flags S/SA
well - also not the ultimate brillant idea since i had pf used in the past to 
block connections from the mailing list openbsd.de; spamd was working as a 
spam forwarder...
> All but the cheapest of small businesses will host their server on a
> static IP served from an ISP which permits mail servers in their TOS
> -- their address will not be listed in any of the various "dialup and
> dynamic" block lists, unless they sign up with a spam-friendly ISP.
this may vary from country to region; I'll have to dig a bit more into PDL...
regards and a nice weekend for all readers :-
i.t