[nycbug-talk] CIDR Network Subtraction Tool?

Tim A. techneck at goldenpath.org
Wed Jun 17 12:31:42 EDT 2009

Miles Nordin wrote:
>>>>>> "ta" == Tim A <techneck at goldenpath.org> writes:
>     ta> pfsense
> fucking easybake oven bullshit.

Sign me up for: More easybake, Less bullshit.

> look does this help?  from TFM of pf.conf:
>      tableaddr-spec = [ "!" ] tableaddr [ "/" mask-bits ]
> can you read these?  It means try putting the elements of your
> whitelist at the top of blacklist.txt, prefixing each element with a
> '!'.  it is untested.

If it were only pf I'd hope to rely on simple exclusions like that. But 
I'm not sure how spamd works with the ! operator.
And, I do not see it used in any spamd related files or mentioned in TFM 
except in relation to pf:

rdr pass inet proto tcp from !<spamd-white> to any \
	port smtp -> port spamd

Possibly my whole problem here is just in not knowing more about spamd.
Like, spamd only populates the spamd-white table with its dynamic 
entries, not the static entries from whitelist.txt?
And although a pf table "whitelist" is created, it is never populated 
with any entries either from whitelist.txt or otherwise, nor are there 
any rules using this table, so... idk.
Even if I add the whitelist.txt entries to the <spamd-white> table, 
spamd removes them immediately.
The pfsense spamd package seems a little half-baked. But it works, with 
a little quirkiness.

I've been tempted to toss out the pfsense box and set up a freebsd 
firewall using pf. I can do most of this on my own, but I still find the 
traffic-shaping intimidating.
And, goddamn it, I really like the GUI. It's nice. I've even more often 
wished that there existed a freebsd port for pfsense, like webmin, that 
added this GUI to a standard fbsd box.
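The CIDR subtraction the subject line asks for, as an added example that is not part of this thread: it carves the whitelist blocks out of the blacklist blocks with Python's standard ipaddress module and emits the result in the one-network-per-line layout a pf table file takes, so the blacklist can be loaded without relying on the untested "!" negation inside the table. The sample blacklist and whitelist are constructed for the demonstration.

```python
import ipaddress
from typing import Iterable, List

def subtract_networks(blacklist: Iterable[str], whitelist: Iterable[str]) -> List:
    """Return the minimal CIDR list covering every address that is in some
    blacklist block but in no whitelist block. CIDR blocks of one address
    family are either disjoint or nested, so three cases suffice."""
    remaining = [ipaddress.ip_network(n, strict=False) for n in blacklist]
    for w in (ipaddress.ip_network(n, strict=False) for n in whitelist):
        carved = []
        for b in remaining:
            if b.version != w.version or not b.overlaps(w):
                carved.append(b)                      # disjoint: keep as-is
            elif b.subnet_of(w):
                continue                              # fully whitelisted: drop
            else:
                carved.extend(b.address_exclude(w))   # w lies inside b: split b
        remaining = carved
    # collapse_addresses refuses mixed families, so minimise each family separately
    result = []
    for version in (4, 6):
        same = [n for n in remaining if n.version == version]
        result.extend(sorted(ipaddress.collapse_addresses(same)))
    return result

def covers(networks: Iterable, address: str) -> bool:
    """True if any network in the list contains the given address."""
    addr = ipaddress.ip_address(address)
    return any(addr.version == n.version and addr in n for n in networks)

def render_pf_table(networks: Iterable) -> str:
    """One network per line, the format `table <name> file "/path"` reads."""
    return "".join(f"{n}\n" for n in networks)

# Constructed sample input (not taken from any real blacklist or whitelist).
SAMPLE_BLACKLIST = ["10.0.0.0/8", "192.168.1.0/24", "2001:db8::/32"]
SAMPLE_WHITELIST = ["10.1.2.0/24",        # punches a hole in 10.0.0.0/8
                    "192.168.1.0/24",     # removes that block entirely
                    "172.16.0.0/12",      # touches nothing in the blacklist
                    "2001:db8:1::/48"]    # punches a hole in the IPv6 block

if __name__ == "__main__":
    print(render_pf_table(subtract_networks(SAMPLE_BLACKLIST, SAMPLE_WHITELIST)), end="")
```

Carving a /24 out of a /8 yields the 16 blocks of prefix length /9 through /24 that surround the hole, which is the price of keeping the table in pure CIDR form.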

