Netgate Discussion Forum
    Can anyone explain some pf.conf rules?

    • flachance

      The following lines were taken from pkg_mgr_spamd.log after doing a spamd install.  From what I gather, these are pf rules and I don't understand them (that's why I got pfSense, so I didn't have to mess with those  ;) ):

      table <spamd-white> persist
      no rdr inet proto tcp from <spamd-white> to any \
      port smtp
      rdr pass inet proto tcp from any to any \
      port smtp -> 127.0.0.1 port spamd
      

      From searching this forum, it appears that anyone who ever asked how to change the pf.conf file was having the problem where that file was automatically generated (makes sense to me).  That means that there should be a way to have the above rules implemented through the webGUI.

      Is the pf table command implemented through the webGUI?

      I'm reading through the pf.conf(5) documentation (http://resin.csoft.net/cgi-bin/man.cgi?section=5&topic=pf.conf) but without practical knowledge, I need someone to help.

      Thanks!

      1 Reply Last reply Reply Quote 0
      • newmember

        table <spamd-white> persist
        no rdr inet proto tcp from <spamd-white> to any \
        port smtp
        rdr pass inet proto tcp from any to any \
        port smtp -> 127.0.0.1 port spamd

        table -adds a table where spamd adds white listed domains, this constantly changes.
        no rdr -this says no redirects protocol tcp from white listed domains to any host on port smtp(25)
                -this stops all inbound smtp requests on the spamd-white list
        rdr    -this redirects all inbound smtp traffic from anywhere to anywhere on port smtp and sends it to a localhost port spamd

        I do not think I agree with these rules.
        I think you should be blocking a "black list" and allowing a "white list".
        In the end, the idea of spamd is to bother the spammers.
        I use it just to block a ton of email that gets into my mailserver and then gets blocked or listed as SPAM in a junk box.

        pfSense has rules that do not show on the web GUI, probably for the reason that the average Joe would have no idea what the rules mean.
        All you need to know is that pfSense starts by blocking all, then lets you decide what to add.  You can choose to add nothing.
        If you want to see all the active rules, nats, tables, anchors, labels etc try this at the command prompt:
        pfctl -s all

        The idea of routing the inbound smtp to localhost is so that the spamd daemon on the firewall can take care of the inbound smtp request.

        You can read where spamd started here:
        http://www.benzedrine.cx/relaydb.html

        If you ever want to see what's in your spamd-white table, type this at the command line:
        pfctl -t spamd-white -T show

        1 Reply Last reply Reply Quote 0
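
The two translation rules discussed in this thread, as an added example that is not part of either post: a small Python model of how pf chooses a translation rule, where the first matching `rdr` / `no rdr` rule decides and `no rdr` leaves the packet untranslated. The table contents, the sample addresses, and the value 8025 for the `spamd` service port are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

SMTP_PORT = 25      # "port smtp"
SPAMD_PORT = 8025   # "port spamd" as usually listed in /etc/services (assumption)

# Constructed contents for <spamd-white>; on a live system spamd maintains it.
SPAMD_WHITE = [ipaddress.ip_network(n)
               for n in ("192.0.2.10/32", "198.51.100.0/24")]

@dataclass
class Rule:
    action: str                           # "rdr" or "no rdr"
    src_table: Optional[list]             # None models "from any"
    dport: int
    target: Optional[Tuple[str, int]] = None

# The two rules from the post, in the order they appear in the ruleset.
RULES = [
    Rule("no rdr", SPAMD_WHITE, SMTP_PORT),
    Rule("rdr", None, SMTP_PORT, ("127.0.0.1", SPAMD_PORT)),
]

def in_table(addr, table):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in table)

def translate(src, dst, dport, proto="tcp", rules=RULES):
    """Return the (address, port) a new inbound connection is delivered to."""
    # Both rules say "inet proto tcp": IPv4 TCP only, anything else is untouched.
    if proto != "tcp" or ipaddress.ip_address(src).version != 4:
        return (dst, dport)
    for rule in rules:
        if rule.dport != dport:
            continue
        if rule.src_table is not None and not in_table(src, rule.src_table):
            continue
        # First matching translation rule wins. "no rdr" exempts the packet
        # from redirection, so it continues to its original destination
        # (and is then subject to the normal filter rules).
        return (dst, dport) if rule.action == "no rdr" else rule.target
    return (dst, dport)
```

Swapping the order of the two rules makes every sender match the `rdr` rule first, so the whitelist exemption never takes effect.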
        • flachance

          Thanks!  That's very useful information.

          1 Reply Last reply Reply Quote 0
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.