我为本地邮件服务器配置了 ipfw。一切正常,但过了一段时间(从一天半到几个小时)后,出现了错误:其他域的邮件来了,但邮件没有从我的邮件程序发送到另一个域。重载或关闭 ipfw 可以立即解决问题。我域内的邮件运行良好。我的邮件程序是 postfix、dovecot、MySQl 以下是我的规则:
#!/bin/sh
cmd="/sbin/ipfw -q"
${cmd} -f flush
#loopback
${cmd} add 10 allow ip from any to any via lo0
${cmd} add 11 deny ip from any to 127.0.0.1/8
${cmd} add 12 deny ip from 127.0.0.1/8 to any
#
${cmd} add 20 allow tcp from any to any established
#table ssh 22
table_ssh=22
${cmd} table $table_ssh flush
${cmd} table $table_ssh add 192.168.0.48
#icmp
${cmd} add 30 allow icmp from 192.168.0.0/24 to me
${cmd} add 30 allow icmp from me to 192.168.0.0/24
#ssh
${cmd} add 40 allow tcp from "table(22)" to me 22 in via em0
${cmd} add 41 deny log tcp from any to me 22 in via em0
#mail, web
${cmd} add 50 deny tcp from 192.168.1.0/24 to me 25,110,143,80 in via em0
${cmd} add 51 allow tcp from any to me 25,110,143,80 in via em0
#servers rules
${cmd} add 60 allow ip from me to any out via em0
#UDP Server
${cmd} add 61 allow udp from me to any dst-port 53 out via em0
${cmd} add 62 allow udp from any to me src-port 53 in via em0