Date:      Mon, 19 Jan 2015 03:37:55 +0000
From:      Emma Turing <emma@robotbase.org>
To:        <freebsd-pf@freebsd.org>
Subject:   Kickstarter Invitation
Message-ID:  <30485748.20150119033755.54bc7c13dd5499.85989338@mail134-16.atl141.mandrillapp.com>

Hi, I'd like to invite you to back our Kickstarter project - The World's
First Personal Robot
<https://www.kickstarter.com/projects/403524037/personal-robot>.  

 We're already 210% funded and the #1 Robot Project on Kickstarter now.

 PERSONAL ROBOT IS THE WHOLE PACKAGE: 

   - The world's first personal assistant robot that can see, hear, smell,
move, and feel
  - The smartest home automation system (supports both Z-Wave and Zigbee)
  -  A photographer, storyteller, companion, security guard, and more
  - Powered by Artificial Intelligence algorithms
  - Open APIs
 
  We've been featured by TechCrunch, Mashable, and VentureBeat.

 Thanks,
 Emma

  

 

    
 
 
 *If you're not interested, please simply reply "don't email" and we'll
stop emailing you immediately.*
From owner-freebsd-pf@FreeBSD.ORG  Mon Jan 19 16:07:19 2015
From: Odhiambo Washington <odhiambo@gmail.com>
Date: Mon, 19 Jan 2015 19:06:25 +0300
Message-ID: <CAAdA2WM=f_Xx9SVoez1O8qEfBL2EHGS8-YaUFkdMK7zd5NrLhQ@mail.gmail.com>
Subject: Controlling P2P with PF
To: "freebsd-pf@freebsd org" <freebsd-pf@freebsd.org>

Hello all,

So I found this link while trying to figure out if PF can control P2P -
http://www.benhup.com/?mf=freebsd&sf=freebsd8.2-p9_04_peerblock

I tried using it, but I could still download using utorrent from my network.

Does this mean I am beating a dead horse, or I have my filter rules in bad
order or something I am missing?

My pf.conf: for FreeBSD 10.1-RELEASE

I appreciate all advice.

### Options ###

### Macros ###
ext_if = "re1"               # External network interface for IPv4
ext_if6 = "re1"              # External network interface for IPv6
ext_addr = "A.B.C.D"         # External IPv4 address (i.e., global)
int_if = "re0"               # Internal network interface for IPv4
int_if6 = "re0"              # Internal network interface for IPv6
int_addr = "192.168.2.254"   # Internal IPv4 address (i.e., gateway for private network)
int_network = "192.168.2.0/24"  # Internal IPv4 network
WinSvr2008  = "192.168.2.2"


### Tables ###
# Host local address
table <local> const { 127.0.0.1 }
# IPv4 private address ranges
table <private> const { 10/8, 172.16/12, 192.168/16 }
# Special-use IPv4 addresses defined in RFC3330
table <special> const { 0/8, 14/8, 24/8, 39/8, 127/8, 128.0/16, 169.254/16, 192.0.0/24, 192.0.2/24, 192.88.99/24, 198.18/15, 240/4 }

# Block P2P
# http://www.benhup.com/?mf=freebsd&sf=freebsd8.2-p9_04_peerblock
table <block_p2p> persist file "/etc/pf/block-p2p.pf"


# LIMITS
set limit { frags 30000, states 100000, table-entries 300000 }
### Scrub: Packet normalization ###


# Scrub for all incoming packets
scrub in all
# Randomize the ID field for all outgoing packets
scrub out all random-id
# If you have MTU problem or something like that
#scrub out all random-id  max-mss 1400

### NAT ###
#RDP to WinSvr2008
rdr on $ext_if proto tcp from any to any port 3389 -> $WinSvr2008

# Redirect direct/local web traffic to local web server.
rdr on $int_if proto tcp from 192.168.2.254/32 to 192.168.2.254/32 port 80 -> 192.168.2.254 port 80
rdr on $int_if proto tcp from 192.168.2.254/32 to 192.168.2.254/32 port 443 -> 192.168.2.254 port 443

# Squid Transparent Proxy
# refer http://www.benzedrine.cx/tranint_addr.html
rdr on $int_if proto tcp from $int_network to any port 80 -> $int_addr port 13128
#rdr on $int_if proto tcp from $int_network to any port 443 -> $int_addr port 13129

# SMTP redirection
rdr on $int_if proto tcp from $int_network to any port 25 -> $int_addr port 587
rdr on $int_if proto tcp from $int_network to any port 110 -> $int_addr port 110

# Let all other stuff go out
nat on $ext_if from $int_network to ! <private> -> $ext_addr


### Filters ###

# P2P Blocking
block log quick from any to <block_p2p> label "Attempted p2p-sniffer traffic"

# Permit keep-state packets for UDP and TCP on external interfaces
pass out quick on $ext_if proto udp all keep state
pass out quick on $ext_if6 proto udp all keep state
pass out quick on $ext_if proto tcp all modulate state flags S/SA
pass out quick on $ext_if6 proto tcp all modulate state flags S/SA

# Permit any packets from internal network to this host
pass in quick on $int_if inet from $int_network to $int_addr

# Permit established sessions from internal network to any (incl. the Internet)
pass in quick on $int_if inet from $int_network to any keep state
# If you want to limit the number of sessions per NAT, nodes per NAT (simultaneously), and sessions per source IP
# Please refer to <http://www.openbsd.org/faq/pf/filter.html> for greater detailed information
#pass in quick on $int_if inet from $int_network to any keep state (max 30000, source-track rule, max-src-nodes 100, max-src-states 500 )

# Permit and log all packets from clients in private network through NAT
pass in quick log on $int_if all

# Pass any other packets
pass in all
pass out all



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."
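
An added example, not part of the original post and not pf's own code: a simplified Python model of pf's rule evaluation (a matching `quick` rule decides immediately, otherwise the last matching rule wins) applied to the filter rules posted above. The table contents, the client address and the peer addresses are constructed; protocol matching, state tracking and NAT/rdr translation are left out of the model.

```python
import ipaddress
from dataclasses import dataclass

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

ANY = nets("0.0.0.0/0")
INT_NET = nets("192.168.2.0/24")           # $int_network from the post
# Constructed stand-in for /etc/pf/block-p2p.pf (documentation ranges only)
BLOCK_P2P = nets("198.51.100.0/24", "192.0.2.128/25")

@dataclass
class Rule:
    action: str       # "block" or "pass"
    quick: bool
    direction: str    # "in", "out" or "any"
    iface: str        # interface name or "any"
    src: list
    dst: list
    text: str         # rule as written in the post (abbreviated)

# The posted filter rules in order; proto/state options omitted (assumption)
RULES = [
    Rule("block", True, "any", "any", ANY, BLOCK_P2P, "block log quick from any to <block_p2p>"),
    Rule("pass", True, "out", "re1", ANY, ANY, "pass out quick on $ext_if"),
    Rule("pass", True, "in", "re0", INT_NET, nets("192.168.2.254/32"), "pass in quick on $int_if to $int_addr"),
    Rule("pass", True, "in", "re0", INT_NET, ANY, "pass in quick on $int_if to any keep state"),
    Rule("pass", True, "in", "re0", ANY, ANY, "pass in quick log on $int_if all"),
    Rule("pass", False, "in", "any", ANY, ANY, "pass in all"),
    Rule("pass", False, "out", "any", ANY, ANY, "pass out all"),
]

def evaluate(direction, iface, src, dst):
    """Last matching rule wins unless a matching rule is 'quick'; default is pass."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    verdict = ("pass", "implicit default")
    for r in RULES:
        if r.direction not in ("any", direction) or r.iface not in ("any", iface):
            continue
        if not any(src in n for n in r.src) or not any(dst in n for n in r.dst):
            continue
        verdict = (r.action, r.text)
        if r.quick:
            break
    return verdict

if __name__ == "__main__":
    for peer in ("198.51.100.9", "203.0.113.7"):   # constructed peer addresses
        print(peer, evaluate("in", "re0", "192.168.2.50", peer))
```

In this model the block rule is evaluated first, so a destination listed in the table is dropped, while a peer address that is not in the table falls through to `pass in quick on $int_if ... to any keep state`.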


