[nycbug-talk] CIDR Network Subtraction Tool?
Tim A.
techneck at goldenpath.org
Wed Jun 17 12:31:42 EDT 2009
Miles Nordin wrote:
>>>>>> "ta" == Tim A <techneck at goldenpath.org> writes:
>>>>>>
>
> ta> pfsense
>
> fucking easybake oven bullshit.
>
Sign me up for: More easybake, Less bullshit.
>
> look does this help? from TFM of pf.conf:
>
> tableaddr-spec = [ "!" ] tableaddr [ "/" mask-bits ]
>
> can you read these? It means try putting the elements of your
> whitelist at the top of blacklist.txt, prefixing each element with a
> '!'. it is untested.

If it were only pf I'd hope to rely on simple exclusions like that. But
I'm not sure how spamd works with the ! operator.
And, I do not see it used in any spamd related files or mentioned in TFM
except in relation to pf:

    rdr pass inet proto tcp from !<spamd-white> to any \
        port smtp -> 127.0.0.1 port spamd

Possibly my whole problem here is just in not knowing more about spamd.
Like, spamd only populates the spamd-white table with its dynamic
entries, not the static entries from whitelist.txt?
And although a pf table "whitelist" is created, it is never populated
with any entries either from whitelist.txt or otherwise, nor are there
any rules using this table, so... idk.
Even if I add the whitelist.txt entries to the <spamd-white> table,
spamd removes them immediately.

The pfsense spamd package seems a little half-baked. But it works, with
a little quirkiness.
I've been tempted to toss out the pfsense box and set up a freebsd
firewall using pf. I can do most of this on my own, but I still find the
traffic-shaping intimidating.
And, goddamn it, I really like the GUI. It's nice. I've even more often
wished that there existed a freebsd port for pfsense, like webmin, that
added this GUI to a standard fbsd box.
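
The CIDR subtraction named in this thread's subject, as an added example that is not part of the original post or of pfsense/spamd: it carves every whitelisted range out of a blacklist so the result needs no `!` entries. The function name `subtract_networks` and the sample entries are constructed for illustration, and it assumes each list entry is a single address or CIDR block.

```python
import ipaddress


def subtract_networks(blacklist, whitelist):
    """Return blacklist CIDRs with every whitelisted range removed."""
    white = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    remaining = []
    for entry in blacklist:
        pieces = [ipaddress.ip_network(entry, strict=False)]
        for w in white:
            next_pieces = []
            for p in pieces:
                if p.version != w.version or not p.overlaps(w):
                    next_pieces.append(p)   # disjoint: keep untouched
                elif p.subnet_of(w):
                    continue                # fully whitelisted: drop it
                else:
                    # CIDR blocks nest or are disjoint, so here w lies
                    # strictly inside p: split p into the blocks around w.
                    next_pieces.extend(p.address_exclude(w))
            pieces = next_pieces
        remaining.extend(pieces)
    # collapse_addresses() rejects mixed IPv4/IPv6 input, so merge per family.
    merged = []
    for version in (4, 6):
        family = [n for n in remaining if n.version == version]
        merged.extend(ipaddress.collapse_addresses(family))
    return [str(n) for n in merged]


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    sample_black = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/28"]
    sample_white = ["192.0.2.128/25", "198.51.100.64/26", "203.0.113.0/24"]
    for net in subtract_networks(sample_black, sample_white):
        print(net)
```
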