Can anyone explain some pf.conf rules?



  • The following lines were taken from pkg_mgr_spamd.log after doing a spamd install.  From what I gather, these are pf rules and I don't understand them (that's why I got pfSense, so I didn't have to mess with those  ;) ):

    table <spamd-white> persist
    no rdr inet proto tcp from <spamd-white> to any \
    port smtp
    rdr pass inet proto tcp from any to any \
    port smtp -> 127.0.0.1 port spamd
    

    From searching this forum, it appears that anyone who ever asked how to change the pf.conf file was having the problem where that file was automatically generated (makes sense to me).  That means that there should be a way to have the above rules implemented through the webGUI.

    Is the pf table command implemented through the webGUI?

    I'm reading through the pf.conf(5) documentation (http://resin.csoft.net/cgi-bin/man.cgi?section=5&topic=pf.conf) but without practical knowledge, I need someone to help.

    Thanks!



  • table <spamd-white> persist
    no rdr inet proto tcp from <spamd-white> to any \
    port smtp
    rdr pass inet proto tcp from any to any \
    port smtp -> 127.0.0.1 port spamd

    table  - adds a table where spamd adds whitelisted domains; this constantly changes.
    no rdr - this says no redirects protocol tcp from whitelisted domains to any host on port smtp (25)
           - this stops all inbound smtp requests on the spamd-white list
    rdr    - this redirects all inbound smtp traffic from anywhere to anywhere on port smtp and sends it to a localhost port spamd

    I do not think I agree with these rules.
    I think you should be blocking a "black list" and allowing a "white list".
    In the end, the idea of spamd is to bother the spammers.
    I use it just to block a ton of email that gets into my mailserver and then gets blocked or listed as SPAM in a junk box.

    pfSense has rules that do not show on the web GUI, probably for the reason that the average Joe would have no idea what the rules mean.
    All you need to know is that pfSense starts by blocking all, then lets you decide what to add.  You can choose to add nothing.
    If you want to see all the active rules, nats, tables, anchors, labels, etc., try this at the command prompt:
    pfctl -s all

    The idea of routing the inbound smtp to localhost is so that the spamd daemon on the firewall can take care of the inbound smtp request.

    You can read where spamd started here:
    http://www.benzedrine.cx/relaydb.html

    If you ever want to see what's in your spamd-white table, type this at the command line:
    pfctl -t spamd-white -T show
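
Added example, not part of the thread and not pfSense or spamd code: a small Python model of how pf evaluates the two translation rules above, where the first matching rdr/no rdr rule decides. The table contents are constructed documentation addresses, and the value 8025 for "port spamd" is an assumption about the /etc/services entry.

```python
import ipaddress

SMTP_PORT = 25      # "port smtp"
SPAMD_PORT = 8025   # assumption: what "port spamd" resolves to in /etc/services

# Constructed table contents (documentation address ranges, not real senders).
SPAMD_WHITE = ["192.0.2.0/24", "198.51.100.25"]

def in_table(table, addr):
    """True if addr falls inside any entry (host or CIDR) of a pf table."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in table)

def translate(src, dst, dport, table=SPAMD_WHITE):
    """Model pf's first-match evaluation of the two translation rules.

    Returns (destination, port, matching_rule) for one inbound TCP connection.
    """
    # Both rules say "inet", so they only ever match IPv4 traffic to port smtp.
    if ipaddress.ip_address(src).version != 4 or dport != SMTP_PORT:
        return (dst, dport, None)
    # Rule 1: no rdr ... from <spamd-white> to any port smtp
    # First match wins, so a whitelisted sender is left untranslated and
    # continues to the real mail server (still subject to the filter rules).
    if in_table(table, src):
        return (dst, dport, "no rdr")
    # Rule 2: rdr pass ... from any to any port smtp -> 127.0.0.1 port spamd
    # Everyone else lands on spamd; "pass" skips the filter rules for them.
    return ("127.0.0.1", SPAMD_PORT, "rdr pass")

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.25", "203.0.113.9", "2001:db8::1"):
        print(src, "->", translate(src, "203.0.113.50", SMTP_PORT))
```

Because a whitelisted source skips spamd entirely, every entry in the table is worth reviewing with the pfctl -t spamd-white -T show command from the post above.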



  • Thanks!  That's very useful information.

