sharing network and address between tables and softwares

sharing network and address between tables and softwares

Stéphane Guedon
I make some use of address tables in pf. Less than some of the great
experts we have there, but still.

I was wondering if it were possible to share the tables defined in pf
to work with other software.

I am thinking particularly of using the <localnet> table defined in
/etc/pf.conf in smtpd too, to allow pass directly without auth.

Do you understand me?
Thanks in advance.


Re: sharing network and address between tables and softwares

Janne Johansson-3
The simple workaround would be to have a "nicer" smtpd on a different port
and have PF send <localnets> to that one, which would not require auth.

It depends on what amount of "realtime" you require for dynamic lists, and
how easily you may feed a list from the kernel into that particular daemon.




2014-05-19 11:35 GMT+02:00 Stéphane Guedon <[hidden email]>:

> I make some use of address tables in pf. Less than some of the great
> experts we have there, but still.
>
> I was wondering if it were possible to share the tables defined in pf
> to work with other software.
>
> I am thinking particularly of using the <localnet> table defined in
> /etc/pf.conf in smtpd too, to allow pass directly without auth.
>
> Do you understand me?
> Thanks in advance.


--
May the most significant bit of your life be positive.


Re: sharing network and address between tables and softwares

Ted Unangst-6
In reply to this post by Stéphane Guedon
On Mon, May 19, 2014 at 11:35, Stéphane Guedon wrote:
> I make some use of address tables in pf. Less than some of the great
> experts we have there, but still.
>
> I was wondering if it were possible to share the tables defined in pf
> to work with other software.
>
> I am thinking particularly of using the <localnet> table defined in
> /etc/pf.conf in smtpd too, to allow pass directly without auth.

smtpd.conf:

listen on lo0 port 587 tag islocal

accept from any for any relay tagged islocal

pf.conf:

pass in something something rdr-to localhost port 587


Re: sharing network and address between tables and softwares

Giancarlo Razzolini-3
In reply to this post by Stéphane Guedon
On 19-05-2014 06:35, Stéphane Guedon wrote:

> I make some use of address tables in pf. Less than some of the great
> experts we have there, but still.
>
> I was wondering if it were possible to share the tables defined in pf
> to work with other software.
>
> I am thinking particularly of using the <localnet> table defined in
> /etc/pf.conf in smtpd too, to allow pass directly without auth.
>
> Do you understand me?
> Thanks in advance.
>
Tables on pf.conf can be files. So you could create files with the
networks/hosts, have them be imported on pf.conf and read by smtpd. From
what I read from the table(5) documentation, these files could be used
by it, no problems.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC
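
A file shared between pf and smtpd, as suggested in the last reply, ends up deciding who may relay without authentication, so it is worth checking before either daemon reloads it. The following is an added example, not part of the original thread: the function name, the sample entries and the choice of "local" ranges are assumptions, and it conservatively accepts only literal addresses and CIDR networks.

```python
import ipaddress

# Ranges treated as "local" here (RFC 1918 and IPv6 ULA); an assumption, adjust per site.
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of a file meant to be read by both pf and smtpd.
SAMPLE = """\
# office LAN
192.168.10.0/24
10.0.0.5
fd00:1::/64
!192.168.10.66
mail.example.org
0.0.0.0/0
203.0.113.0/24
"""

def lint_shared_table(text):
    """Return (accepted_networks, problems) for a shared address file.

    Conservative assumption: only whole-line '#' comments and literal
    addresses or CIDR networks are safe for both readers, so negation
    and hostnames are reported instead of being passed through.
    """
    accepted, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        if entry.startswith("!"):
            problems.append((lineno, entry, "negation may not mean the same to both readers"))
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            problems.append((lineno, entry, "not a plain address or CIDR network"))
            continue
        if net.prefixlen == 0:
            problems.append((lineno, entry, "matches every address: relay open to all"))
        elif not any(net.version == r.version and net.subnet_of(r) for r in LOCAL):
            problems.append((lineno, entry, "outside the local ranges: review"))
        else:
            accepted.append(net)
    return accepted, problems

if __name__ == "__main__":
    ok, bad = lint_shared_table(SAMPLE)
    for lineno, entry, why in bad:
        print(f"line {lineno}: {entry!r}: {why}")
```
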