Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016
/etc/pf.conf
OpenBSD 5.8 (really 5.7-current) onwards uses divert-to for efficiency:
    table <spamd-white> persist
    table <nospamd> persist file "/etc/mail/nospamd"
    pass in log on egress proto tcp to port smtp \
        divert-to 127.0.0.1 port spamd
    pass in log on egress proto tcp from <nospamd> to port smtp
    pass in log on egress proto tcp from <spamd-white> to port smtp
    pass out log on egress proto tcp to port smtp
OpenBSD 5.7 and earlier:
    table <spamd-white> persist
    table <nospamd> persist file "/etc/mail/nospamd"
    pass in log on egress proto tcp to port smtp \
        rdr-to 127.0.0.1 port spamd
    pass in log on egress proto tcp from <nospamd> to port smtp
    pass in log on egress proto tcp from <spamd-white> to port smtp
    pass out log on egress proto tcp to port smtp
pre-4.7 version:
    table <spamd-white> persist
    table <nospamd> persist file "/etc/mail/nospamd"
    no rdr proto tcp from <nospamd> to $mailservers port smtp
    rdr pass on $ext_if inet proto tcp from <spamd> to \
        port smtp -> 127.0.0.1 port 8025
    rdr pass on $ext_if inet proto tcp from !<spamd-white> to \
        port smtp -> 127.0.0.1 port 8025
The essential data is in the spamd and spamd-white tables (but modern spamd versions use the /var/db/spamdb database).
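The 5.8+ and 5.7 rulesets above depend on PF's last-matching-rule-wins evaluation (none of the rules use `quick`): the catch-all divert rule comes first and the two table rules override it. The following is an added example, not part of the original slides, that models only the three inbound SMTP rules; the table contents are constructed from documentation address ranges, and `MISORDERED` is a hypothetical reordering that shows the failure mode.

```python
import ipaddress

DIVERT = "divert-to 127.0.0.1 port spamd"
PASS = "pass to the real MTA"

# Constructed sample table contents (documentation ranges), not from the slides.
TABLES = {
    "nospamd": ["192.0.2.0/24"],
    "spamd-white": ["198.51.100.25"],
}

# Inbound SMTP rules in file order: (source table, or None for "any", action).
RULES_IN = [
    (None, DIVERT),
    ("nospamd", PASS),
    ("spamd-white", PASS),
]

# Hypothetical misordering: the catch-all divert rule placed last.
MISORDERED = [RULES_IN[1], RULES_IN[2], RULES_IN[0]]


def in_table(addr, table):
    """True if addr falls inside any entry of the named table."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in TABLES[table])


def evaluate(src, rules=RULES_IN):
    """Return the action of the last rule matching inbound SMTP from src."""
    action = None
    for table, rule_action in rules:
        if table is None or in_table(src, table):
            action = rule_action  # no 'quick': keep going, last match wins
    return action


if __name__ == "__main__":
    for src in ("203.0.113.7", "192.0.2.10", "198.51.100.25"):
        print(f"{src:15} correct order: {evaluate(src):32} "
              f"misordered: {evaluate(src, MISORDERED)}")
```

With the divert rule last, every sender is handed to spamd and the whitelist tables have no effect.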