From owner-FreeBSD-users-jp@jp.FreeBSD.org Wed Jun 23 12:28:56 2004
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id i5N3SuQ31036;
	Wed, 23 Jun 2004 12:28:56 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mailsv.occ.co.jp (ns.occ.co.jp [210.230.242.40])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id i5N3StI31030
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Wed, 23 Jun 2004 12:28:55 +0900 (JST)
	(envelope-from nishi@occ.co.jp)
Received: from knife.occ.co.jp ([210.230.242.51] helo=knife)
	by mailsv.occ.co.jp with smtp id 1BcyRP-000MXU-R0
	for FreeBSD-users-jp@jp.FreeBSD.org; Wed, 23 Jun 2004 12:28:51 +0900
Received: from iraq.occ.co.jp ([210.230.242.92] helo=[172.16.14.118])
	by mailsv.occ.co.jp with esmtp id 1BcyRP-000MXR-Gl
	for FreeBSD-users-jp@jp.FreeBSD.org; Wed, 23 Jun 2004 12:28:51 +0900
From: nishi@occ.co.jp
To: FreeBSD-users-jp@jp.FreeBSD.org
Message-Id: <20040623122851.90DD.NISHI@occ.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.09.01 [ja]
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Wed, 23 Jun 2004 12:29:02 +0900
X-Sequence: FreeBSD-users-jp 80012
Subject: [FreeBSD-users-jp 80012] ipf =?ISO-2022-JP?B?GyRCJE5GMBsoQg==?=
 =?ISO-2022-JP?B?GyRCOm4kSyREJCQkRhsoQg==?= 
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: nishi@occ.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+040621

FreeBSD 4.9-PRERELEASE(2003/09/09$B:"9=C[(B) $B$r(BWWW&Mail$B%5!<%P(B
$B$H$7$F;HMQ$7$F$$$^$9!#(B
(IPFILTER $B$O(B v3.4.31 Default: pass all, Logging: available)

# ipf -Fa -f /etc/ipf.rules
# ipmon -Ds

$B$K$F(BIPFILTER$B$rM-8z$K$7!"(B3$B;~4VDx%m%0$rD/$a$?$j!"(B
$B%V%i%&%6$d%a!<%i$G@5>o@-$r3NG'$7!"5"Bp$7$^$7$?!#(B

$B$H$3$m$,!"(B4$B;~4VDx$?$C$?8e$+$i@5>o$J@\B3(B(SMTP,POP3)$B$,$G$-$J$/(B
$B$J$C$F$7$^$$!"(Bipf $B$N%m%0$K@\B3$r5qH]$7$?%m%0$,;D$C$F$$$^$7$?!#(B
$B$?$@$7!"%]!<%H(B80 $B$X$NDL?.$O@5>o$K$G$-$^$7$?!#(B

$B$=$3$G5?Ld$J$N$G$9$,!"$J$<(B4$B;~4V8e$K(Bipf $B$NF0:n$,JQ$o$C$F(B
$B$7$^$C$?$N$+$,J,$+$j$^$;$s!#(B

SMTP(25),POP3(110)$B$N%k!<%k$K$O!V(Bflags S keep state$B!W$rIU2C$7$F(B
$B$$$k$N$G$=$l$,2x$7$$$N$+$H;W$C$F$O$$$^$9!#$G$9$,$b$7!"(B
$B@_Dj$,4V0c$C$F$$$l$P!":G=i$+$i2?$+$7$i%m%0$K=PNO$5$l$k(B
$B$O$:$H;W$C$F$$$k$N$G$9$,!&!&!#(B
$B0J2<$K(Bipf$B$N@_Dj%U%!%$%k(B($BH4?h(B)$B$r<($7$^$9!#(B
$B$h$m$7$/$*4j$$CW$7$^$9!#(B

----------------------------------------------------------------------
pass in quick on lo0 all
pass out quick on lo0 all
block in log quick from any to any with ipopts
block in log quick proto tcp from any to any with short
pass out quick proto tcp/udp from any to any keep state
pass out quick proto icmp from any to any keep state
pass in quick proto icmp all
pass in quick proto tcp from any to any port = 110 flags S keep state
pass in quick proto tcp from any to any port = 25 flags S keep state
pass in quick proto udp from any to any port = 53
pass in quick proto udp from any port = 53 to any
pass in quick proto tcp from any to any port = 80
block in log quick all
block out log quick all
----------------------------------------------------------------------

$B=PNO$5$l$?%m%0(B
----------------------------------------------------------------------
Jun 22 21:08:32 sv ipmon[41375]: 21:08:31.872424 fxp0 @0:25 b
192.168.xx.xx,4372 -> 10.x.x.x,25 PR tcp len 20 52 -AF IN

Jun 22 21:08:33 sv ipmon[41375]: 21:08:33.302468 fxp0 @0:25 b
192.168.xx.xx,12684 -> 10.x.x.x,110 PR tcp len 20 40 -AF IN
----------------------------------------------------------------------

-- 
Nishi

