From: kalin m <kalin@el.net>
Date: Fri, 22 Jan 2010 11:19:37 -0500
To: S4mmael
Cc: freebsd-security@freebsd.org
Subject: Re: pf rules
Message-ID: <4B59D019.7040409@el.net>
In-Reply-To: <6e38aed81001220032p2f4948bftede7862e1d7c7cf7@mail.gmail.com>
List-Id: "Security issues [members-only posting]"

not sure if that would affect smtp. would it? how so?

S4mmael wrote:
> If I guess your idea right, you should specify direction like this:
> pass in proto udp to any port $udp
>
> "pass proto udp to any port $udp" passes traffic in any direction
> (ingoing and outgoing).
>
> 2010/1/22 kalin m :
>
>> hi all...
>>
>> doing testing with pf...
>>
>> how is it possible that if i have these rules below in pf.conf if i do:
>> telnet that.host.org 25
>>
>> i get:
>> Trying xx.xx.xx.xx...
>> Connected to that.host.org.
>> Escape character is '^]'.
>> ........... etc .......
>>
>>
>> pf.conf contents:
>>
>> tcp_in = "{ www, https }"
>> ftp_in = "{ ftp }"
>> udp = "{ domain, ntp }"
>> ping = "echoreq"
>>
>> set skip on lo
>> scrub in
>>
>> antispoof for eth0 inet
>>
>> block in all
>> pass out all keep state
>> pass proto udp to any port $udp
>> pass inet proto icmp all icmp-type $ping keep state
>> pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
>> pass proto tcp to any port ssh
>>
>>
>>
>> thanks....
>>
>>
>>
>> _______________________________________________
>> freebsd-security@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
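As an added example (not from this thread and not part of pf), a small Python lint that expands the pf.conf macros and reports the pass/block rules S4mmael's remark applies to: those written without an explicit "in" or "out", which pf matches in both directions. The pf.conf text is the one quoted above; the function names are my own.

```python
import re

# Constructed sample: the pf.conf quoted in the thread, verbatim.
PF_CONF = """\
tcp_in = "{ www, https }"
ftp_in = "{ ftp }"
udp = "{ domain, ntp }"
ping = "echoreq"

set skip on lo
scrub in

antispoof for eth0 inet

block in all
pass out all keep state
pass proto udp to any port $udp
pass inet proto icmp all icmp-type $ping keep state
pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
pass proto tcp to any port ssh
"""

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"]*)"?\s*$')

def parse_macros(conf):
    """Collect name = "value" macro definitions from a pf.conf text."""
    macros = {}
    for line in conf.splitlines():
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2).strip()
    return macros

def expand(rule, macros):
    """Replace $name references with the macro value (unknown names kept)."""
    return re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), rule)

def filter_rules(conf):
    """Return only the pass/block filter rules, comments stripped."""
    rules = []
    for line in conf.splitlines():
        s = line.split('#', 1)[0].strip()
        if s.split(' ', 1)[0] in ('pass', 'block'):
            rules.append(s)
    return rules

def missing_direction(conf):
    """Expanded pass/block rules with no in/out keyword after the action.
    pf applies such a rule to traffic in both directions, so a rule meant
    to admit inbound service traffic also admits outbound traffic."""
    macros = parse_macros(conf)
    return [expand(r, macros) for r in filter_rules(conf)
            if len(r.split()) < 2 or r.split()[1] not in ('in', 'out')]

def add_direction(rule, direction='in'):
    """Rewrite a direction-less rule the way the reply suggests: pass in ..."""
    action, rest = rule.split(' ', 1)
    return f'{action} {direction} {rest}'
```

Running it against the quoted ruleset lists the udp, icmp and ssh rules; the two "pass in" / "pass out" rules and "block in all" are not flagged.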