ipfw uid/gid debugging, tcpdump relation with ipfw and how to block direct access to port 25
supportsobaka at mail.ru
Wed Jul 4 12:28:20 UTC 2018
Could you please explain whether tcpdump should see a packet dropped on ipfw? Does it look before or after ipfw?
tcpdump -vvv port 25 shows nothing when port is blocked on ipfw (security log shows dropped packets).
Also, is there a way to see uid/gid on the packet in ipfw log?
Alternatively, can tcpdump show uid/gid of the packet (before ipfw)? I don't see uid/gid when I use tcpdump -vvv port 25. Is there a way to understand if the packet doesn't have uid/gid or it is just not shown?
I can't figure out a good rule to protect access to port 25 for other than sendmail (yep, native sendmail). The obvious
${ipfw} add allow tcp from me to any 25 out gid smmsp setup keep-state :emailfromme
doesn't work (email is not sent out, but dropped on the ipfw by the last deny rule). Seems like the packet sent by sendmail doesn't belong to smmsp group.
I have tried gid operator gid mail gid smmsp gid wheel - won't help.
How to debug?
--
Oleg