From owner-freebsd-pf@FreeBSD.ORG Wed Aug 9 00:10:27 2006
From: "Travis H."
To: "Jeremy C. Reed"
Cc: freebsd-pf@freebsd.org
Date: Tue, 8 Aug 2006 19:10:21 -0500
Subject: Re: spamd chapter reviewer needed

Here's some notes I had on the PF FAQ, meant to send them as diffs but may not if they won't be used.

-- 
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484

[Attachment: NOTES]
From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 07:49:05 2006
From: beno
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 03:48:55 -0400
Subject: Spoofers, Spammers & Other Bad Guys
Hi;
I'm configuring my firewall and I'd like to make a table of "bad guys", preferably one that automatically updates from the Web. Surely someone else has already thought of this and implemented something similar, so could someone clue me in?
Also, where do I find a list of devices (lo, fxp0, etc.) in my box?
TIA,
beno

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 07:51:20 2006
From: phoemix@harmless.hu (Gergely CZUCZY)
To: beno
Cc: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 09:51:17 +0200
Subject: Re: Spoofers, Spammers & Other Bad Guys
On Fri, Aug 11, 2006 at 03:48:55AM -0400, beno wrote:
> Hi;
> I'm configuring my firewall and I'd like to make a table of "bad guys",
> preferably one that automatically updates from the Web. Surely someone
> else has already thought of this and implemented something similar, so
> could someone clue me in?
man pf (look at the API)
i suggest tables for you

> Also, where do I find a list of devices (lo, fxp0, etc.) in my box?
> TIA,
ifconfig, dmesg

Bye,

Gergely Czuczy
mailto: gergely.czuczy@harmless.hu
PGP: http://phoemix.harmless.hu/phoemix.pgp

Weenies test. Geniuses solve problems that arise.

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 07:58:13 2006
From: Michal Mertl
To: beno
Cc: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 09:57:44 +0200
Subject: Re: Spoofers, Spammers & Other Bad Guys

beno wrote:
> Hi;
> I'm configuring my firewall and I'd like to make a table of "bad guys",
> preferably one that automatically updates from the Web. Surely someone
> else has already thought of this and implemented something similar, so
> could someone clue me in?

Read section TABLES in pf.conf(5):

table <private> const { 10/8, 172.16/12, 192.168/16 }
table <badhosts> persist
block on fxp0 from { <private>, <badhosts> } to any

# pfctl -t badhosts -Tadd 204.92.77.111

> Also, where do I find a list of devices (lo, fxp0, etc.) in my box?
ifconfig -l

> TIA,
> beno

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 08:14:33 2006
From: "Kian Mohageri"
To: beno
Cc: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 01:14:31 -0700
Subject: Re: Spoofers, Spammers & Other Bad Guys
On 8/11/06, beno wrote:
>
> Hi;
> I'm configuring my firewall and I'd like to make a table of "bad guys",
> preferably one that automatically updates from the Web. Surely someone
> else has already thought of this and implemented something similar, so
> could someone clue me in?

Read about OpenBSD's 'spamd'. You can have a cronjob update a pf table with the networks found in various blacklists, and they will be blocked from your mail server (or whatever)
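A cron-driven table refresh of the kind Kian describes, feeding the <badhosts> table from the pf.conf(5) excerpt Michal quoted; this is an added example, not code from the thread or from spamd. It assumes pf.conf declares `table <badhosts> persist` and references it in a block rule, and the blacklist URL is a placeholder.

```shell
#!/bin/sh
# Refresh a pf table from a downloaded blacklist (added example).
# Assumptions: pf.conf contains  table <badhosts> persist  and a rule such as
#   block in quick on $ext_if from <badhosts> to any
# BLACKLIST_URL is a placeholder; point it at a feed you actually trust.
set -eu

TABLE=${TABLE:-badhosts}
BLACKLIST_URL=${BLACKLIST_URL:-"https://blacklist.example.invalid/networks.txt"}

# Keep only syntactically valid IPv4 addresses or CIDR blocks (/8 .. /32).
# Comments, hostnames, out-of-range octets and stray text are dropped, so a
# malformed or tampered feed cannot push garbage, or 0.0.0.0/0, into the table.
# IPv6 entries are dropped too; extend the check if your feed carries them.
filter_cidrs() {
    awk '
    {
        sub(/#.*/, "")                      # strip trailing comments
        gsub(/^[ \t]+|[ \t]+$/, "")         # trim whitespace
        if ($0 == "") next
        n = split($0, parts, "/")
        if (n > 2 || split(parts[1], oct, ".") != 4) next
        ok = 1
        for (i = 1; i <= 4; i++)
            if (oct[i] !~ /^[0-9]+$/ || oct[i] + 0 > 255) ok = 0
        if (n == 2 && (parts[2] !~ /^[0-9]+$/ || parts[2] + 0 > 32 || parts[2] + 0 < 8))
            ok = 0
        if (ok) print $0
    }'
}

# Replace the table contents with the validated file. "-T replace" only
# adds and removes the differences, so state for addresses that remain
# in the table is not disturbed.
update_table() {
    pfctl -t "$1" -T replace -f "$2"
}

main() {
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    # fetch(1) is in the FreeBSD base system; curl -fsS works as well.
    fetch -q -o - "$BLACKLIST_URL" | filter_cidrs > "$tmp"
    if [ ! -s "$tmp" ]; then
        # An unreachable or empty feed must not wipe the existing table.
        echo "blacklist empty or unreachable; leaving <$TABLE> as is" >&2
        exit 1
    fi
    update_table "$TABLE" "$tmp"
}

# Run the update only when asked, e.g. from root's crontab:
#   */30 * * * * /usr/local/sbin/update-badhosts.sh update
if [ "${1:-}" = update ]; then
    main
fi
```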
From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 08:20:04 2006
From: "Greg Hennessy"
To: "'beno'"
Date: Fri, 11 Aug 2006 09:18:49 +0100
Subject: RE: Spoofers, Spammers & Other Bad Guys

> Hi;
> I'm configuring my firewall and I'd like to make a table of
> "bad guys", preferably one that automatically updates from
> the Web.

As long as you run a default block policy, maintaining an ever growing list of what are most likely dhcp assigned addresses is a complete waste of time and a nightmare to maintain.

Spammers can be dealt with in a number of ways....

Killing incoming 25/tcp from cidr blocks assigned to various parts of APNIC and other registries. Much easier and far less hassle than blocking individual addresses.

Using spamd with graylisting.

> Surely someone else has already thought of this and
> implemented something similar, so could someone clue me in?

Who/what are you trying to block exactly ?

Anti spoofing comes as part of a properly written block policy.

> > Also, where do I find a list of devices (lo, fxp0, etc.) in my box?
~# ifconfig -a

Greg

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 12:35:33 2006
From: beno
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 08:35:19 -0400
Subject: Re: Spoofers, Spammers & Other Bad Guys

Greg Hennessy wrote:
> As long as you run a default block policy, maintaining an ever growing list
> of what are most likely dhcp assigned addresses is a complete waste of time
> and a nightmare to maintain.
Could you give an example of this?
TIA.
beno

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 13:33:10 2006
From: beno
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 09:32:57 -0400
Subject: "Reset" Script, Anyone?

Hi;
I am half a world away from my console. If I make a mistake entering my PF rules, I could lock myself out. It would be nice if I had a script I could activate by cron that automatically flushed out my rc.conf that I'm experimenting with and loaded the original. That way, I could set the cron, load my experimental rc.conf, reboot and see if I could still connect to my box. If I couldn't, then all I'd have to do is wait a few minutes and then I could try again. Surely I'm not the first person to have thought of this. Anyone have a script that does this?
TIA,
beno

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 13:52:55 2006
From: peter@bgnett.no (Peter N. M. Hansteen)
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 15:52:42 +0200
Subject: Re: Spoofers, Spammers & Other Bad Guys

beno writes:
> Hi;
> I'm configuring my firewall and I'd like to make a table of "bad guys",
> preferably one that automatically updates from the Web. Surely someone
> else has already thought of this and implemented something similar, so
> could someone clue me in?

spamd uses a mechanism pretty much like you describe[1], and you can stop quite a lot of other silliness by crafting 'overload' rules[2].
[1] man spamd and http://www.bgnett.no/~peter/pf/en/spamd.html
[2] http://www.bgnett.no/~peter/pf/en/bruteforce.html

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 13:57:42 2006
From: "James Seward"
To: beno
Cc: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 14:57:32 +0100
Subject: Re: "Reset" Script, Anyone?
On 8/11/06, beno wrote:
> I am half a world away from my console. If I make a mistake entering my
> PF rules, I could lock myself out. It would be nice if I had a script I
> could activate by cron that automatically flushed out my rc.conf that
> I'm experimenting with and loaded the original. That way, I could set
> the cron, load my experimental rc.conf, reboot and see if I could still
> connect to my box. If I couldn't, then all I'd have to do is wait a few
> minutes and then I could try again. Surely I'm not the first person to
> have thought of this. Anyone have a script that does this?

I do this by having a screen session running, and a known-good pf.conf.safe:

# pfctl -f pf.conf && sleep 60 && pfctl -f pf.conf.safe

Then I detach my screen and try to login again, or test whatever I wanted to. If it's all good and I haven't locked myself out, I just have to get back into screen before 60 seconds pass and hit ^C. If I don't do that in time, it'll load my safe ruleset.

/JMS
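James's one-liner carried a bit further, as an added example rather than the poster's own script: it parses the candidate ruleset before loading it, runs the revert timer as a detached background job so it survives the login session being cut off, and replaces the race back into screen with an explicit confirm step. The paths /etc/pf.conf and /etc/pf.conf.safe, the flag file and the LOADER override are assumptions.

```shell
#!/bin/sh
# Lockout-safe pf ruleset reload (added example, not from the thread).
# Assumed paths: /etc/pf.conf is the candidate, /etc/pf.conf.safe is known-good
# and must itself still allow your own management access.
set -u

NEW=${NEW:-/etc/pf.conf}
SAFE=${SAFE:-/etc/pf.conf.safe}
TIMEOUT=${TIMEOUT:-60}                       # seconds to wait for "confirm"
FLAG=${FLAG:-/var/run/pf-reload.confirmed}   # touched by "confirm"
LOADER=${LOADER:-pfctl}                      # overridable so the logic is testable without pf
export NEW SAFE TIMEOUT FLAG LOADER          # the detached watchdog re-reads these

# Parse the candidate first (pfctl -n) so a typo gives a clear error and
# leaves the running ruleset untouched; only then load it for real.
load_ruleset() {
    "$LOADER" -n -f "$1" >/dev/null 2>&1 || return 1
    "$LOADER" -f "$1"
}

# Wait for the confirmation flag; if it never appears, reload $SAFE.
# Echoes "kept" or "reverted" so a caller (or a test) can check the outcome.
watchdog() {
    i=0
    while [ "$i" -lt "$TIMEOUT" ]; do
        if [ -e "$FLAG" ]; then
            rm -f "$FLAG"
            echo kept
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    load_ruleset "$SAFE"
    echo reverted
}

# Entry points:
#   pf-safe-reload.sh apply    load $NEW and start the watchdog
#   pf-safe-reload.sh confirm  keep the new rules (run from a fresh login)
safe_reload() {
    case "$1" in
        apply)
            rm -f "$FLAG"                    # a stale flag must not auto-confirm
            if ! load_ruleset "$NEW"; then
                echo "candidate ruleset rejected; running rules unchanged" >&2
                return 1
            fi
            # Detached, so it keeps running if this SSH session is the one
            # the new rules just cut off.
            nohup sh "$0" watchdog >/dev/null 2>&1 &
            echo "loaded $NEW; run '$0 confirm' within ${TIMEOUT}s or $SAFE is restored"
            ;;
        confirm)  : > "$FLAG" ;;
        watchdog) watchdog ;;
        *) echo "usage: $0 apply|confirm" >&2; return 2 ;;
    esac
}

if [ $# -gt 0 ]; then
    safe_reload "$1"
fi
```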
From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 14:36:23 2006
From: beno
To: James Seward, freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 10:36:09 -0400
Subject: Re: "Reset" Script, Anyone?

James Seward wrote:
> I do this by having a screen session running, and a known-good
> pf.conf.safe:
>
> # pfctl -f pf.conf && sleep 60 && pfctl -f pf.conf.safe
>
> Then I detach my screen and try to login again, or test whatever I
> wanted to. If it's all good and I haven't locked myself out, I just
> have to get back into screen before 60 seconds pass and hit ^C. If I
> don't do that in time, it'll load my safe ruleset.
Perfect! Thanks!
beno

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 15:20:38 2006
From: beno
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 11:20:26 -0400
Subject: Queueing Question

Hi;
I want to be able to assign bandwidth based on (among other factors) media type (mp3, pdf, etc.) Can that be done? How?
TIA,
beno

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 15:49:46 2006
From: Odhiambo Washington <wash@wananchi.com>
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 18:49:41 +0300
Subject: Can PF allow access by username/userid?

In the following article:

http://www.linux.com/article.pl?sid=04/07/01/1833212

... under the section "Putting it in action", the writer
describes how they limit access by username with IPTables.

I am wondering if this is achievable with PF. If yes, which section
of the FAQ should I read?

txt.
-Wash

DISCLAIMER:
See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.    www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9   +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223    +254 733 744121
+======================================================================+
Fresco's Discovery:
        If you knew what you were doing you'd probably be bored.

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 15:52:27 2006
From: Gergely CZUCZY <phoemix@harmless.hu>
To: Odhiambo Washington, freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 17:52:25 +0200
Subject: Re: Can PF allow access by username/userid?

On Fri, Aug 11, 2006 at 06:49:41PM +0300, Odhiambo Washington wrote:
> In the following article:
>
> http://www.linux.com/article.pl?sid=04/07/01/1833212
>
> ... under the section "Putting it in action", the writer
> describes how they limit access by username with IPTables.
>
> I am wondering if this is achievable with PF. If yes, which section
> of the FAQ should I read?
i'm pretty sure, that you haven't read pf.conf(5).
please check the manual next time, _before_ you ask a question

Bye,

Gergely Czuczy
mailto: gergely.czuczy@harmless.hu
PGP: http://phoemix.harmless.hu/phoemix.pgp

Weenies test. Geniuses solve problems that arise.
From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 16:05:07 2006
From: Odhiambo Washington <wash@wananchi.com>
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 19:05:03 +0300
Subject: Re: Can PF allow access by username/userid?
* On 11/08/06 17:52 +0200, Gergely CZUCZY wrote:
| On Fri, Aug 11, 2006 at 06:49:41PM +0300, Odhiambo Washington wrote:
| > In the following article:
| >
| > http://www.linux.com/article.pl?sid=04/07/01/1833212
| >
| > ... under the section "Putting it in action", the writer
| > describes how they limit access by username with IPTables.
| >
| > I am wondering if this is achievable with PF. If yes, which section
| > of the FAQ should I read?
|
| i'm pretty sure, that you haven't read pf.conf(5).
| please check the manual next time, _before_ you ask a question

You're right. I have always relied so much on the FAQ, as you rightly
said. I will read the man page now.

-Wash
http://www.netmeister.org/news/learn2quote.html

DISCLAIMER:
See http://www.wananchi.com/bms/terms.php

--
Odhiambo Washington | Wananchi Online Ltd. www.wananchi.com
Tel: +254 20 313985-9 +254 20 313922 | GSM: +254 722 743223 +254 733 744121

It has been said that man is a rational animal. All my life I have been
searching for evidence which could support this.
                -- Bertrand Russell

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 18:09:00 2006
From: Greg Hennessy <Greg.Hennessy@nviz.net>
To: beno, freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 19:07:45 +0100
Subject: RE: Spoofers, Spammers & Other Bad Guys

> > list of what are most likely dhcp assigned addresses is a complete
> > waste of time and a nightmare to maintain.
> Could you give an example of this?

The lists used by PeerGuardian.
Greg

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 18:12:04 2006
From: Greg Hennessy <Greg.Hennessy@nviz.net>
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 19:10:49 +0100
Subject: RE: Can PF allow access by username/userid?

> > I am wondering if this is achievable with PF. If yes, which
> > section of the FAQ should I read?
> i'm pretty sure, that you haven't read pf.conf(5).

I'm pretty sure he has. He just didn't see it.

> please check the manual next time, _before_ you ask a question
>

While I am as guilty as anyone of telling the great unwashed to RTFMP.
In Odhiambo Washington's case it would be unjustified.
He's been a regular contributor for a long time now and doesn't deserve
it IMHO.

Greg

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 18:30:52 2006
From: Max Laier <max@love2party.net>
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 20:31:22 +0200
Subject: Re: Can PF allow access by username/userid?
On Friday 11 August 2006 17:49, Odhiambo Washington wrote:
> In the following article:
>
> http://www.linux.com/article.pl?sid=04/07/01/1833212
>
> ... under the section "Putting it in action", the writer
> describes how they limit access by username with IPTables.
>
> I am wondering if this is achievable with PF. If yes, which section
> of the FAQ should I read?

There is a "user" and "group" keyword that can be used to match user and
group credentials (surprise). Note however, that inspecting socket
information (Layer 4) in pf (Layer 3) is a layering violation. This
manifests itself in a Lock Order Reversal (LOR) which can lead to a
deadlock. Thus you need to set debug.mpsafenet=0 as described in the
BUGS section of pf.conf(5).

In general it is better to do "personal firewalling" in the MAC framework.
--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 19:09:37 2006
From: beno <zope@2012.vi>
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 15:09:24 -0400
Subject: What Do These Devices Do?

Hi;
I'm following a great tutorial on how to build strong and safe IPFilters.
However, I don't have the same devices in my box that it references, and
I don't know what my devices do, so I can't write my rules yet.
Please tell me what these guys do (what packets they receive or send, etc.):

vr0
plip0
lo0

TIA,
beno

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 19:55:46 2006
From: beno <zope@2012.vi>
To: Jeremy C. Reed, freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 15:55:32 -0400
Subject: Re: What Do These Devices Do?

Can you tell me what this all means? I need to understand things like:
* Through what device do such services as email, tcp, http, udp and icmp
  access my box, through which do they leave and which (if any) are used
  for internal communication?
* Also would help, what is fxp0 *traditionally* used for?
Thanks,
beno

Jeremy C. Reed wrote:
> "ifconfig -a" should tell you about your interfaces.
>
vr0: flags=8843 mtu 1500
        inet 202.71.106.119 netmask 0xffffffe0 broadcast 202.71.106.127
        inet6 fe80::2e0:4cff:fee1:4ffb%vr0 prefixlen 64 scopeid 0x1
        ether 00:e0:4c:e1:4f:fb
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=108851 mtu 1500
        inet 0.0.0.0 --> 255.255.255.255 netmask 0xff000000
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3

> And use "netstat -bi" to see if they are used too.
>
Name   Mtu   Network        Address              Ipkts Ierrs      Ibytes   Opkts Oerrs     Obytes  Coll
vr0    1500                 00:e0:4c:e1:4f:fb  9355217     0  1705101091  500970     0  250391177     0
vr0    1500  202.71.106.96  202.71.106.119      910574     -   321683093  839022     -  441647510     -
vr0    1500  fe80:1::2e0:4  fe80:1::2e0:4cff:        0     -           0       3     -        216     -
plip0  1500                                          0    10           0       0     5          0     0
plip0  1500                 0.0.0.0                  0     -           0       0     -          0     -
lo0    16384                                    349764     0   206520178  349764     0  206520178     0
lo0    16384 your-net       localhost.web.vi     10323     -     8207467   10323     -    8207467     -
lo0    16384 localhost.web  ::1                     84     -        6048      84     -       6048     -
lo0    16384 fe80:3::1      fe80:3::1                0     -           0       0     -          0     -

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 20:50:03 2006
From: beno <zope@2012.vi>
To: Max Laier, freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 16:49:45 -0400
Subject: Re: What Do These Devices Do?

Max Laier wrote:
>> vr0
>> plip0
>> lo0
>>
>
> You seem a little lost. I suggest that you read a book to cover some
> basics before diving in with a tutorial you obviously do not understand.
>
Well, I appreciate your advice. But I *do* understand *most* of it. I'm
just asking about what I *don't* understand. You guys that have the
glorious advantage of having learned from professionals either as a
student or as a co-worker have no concept of how difficult this is to
learn by one's self. Indeed, I've spent all_day_yesterday_and_today
studying this material. And I've read and re-read quite literally dozens
of thick books on programming over the years.
> What tutorial? URL?
>
http://www.openbsd.org/faq/pf/index.html
> IPFilters? This list is about "packet filter (pf)"
>
I still get confused as to the difference, sorry. I mean PF.
beno

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 21:58:33 2006
From: Nick Barkas <snb@threerings.net>
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 14:58:35 -0700
Subject: Re: What Do These Devices Do?

beno wrote:
>>> vr0
>>> plip0
>>> lo0

man 4 vr; man 4 plip; man 4 lo

FreeBSD typically has manual pages for drivers, in section 4 and named
after the device. See also
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html
for more about network card drivers. In this case, if you have a vr0
device on your system, that is most likely your ethernet card (or one of
them if you have more than one).

> Well, I appreciate your advice.
> But I *do* understand *most* of it. I'm
> just asking about what I *don't* understand. You guys that have the
> glorious advantage of having learned from professionals either as a
> student or as a co-worker have no concept of how difficult this is to
> learn by one's self. Indeed, I've spent all_day_yesterday_and_today
> studying this material. And I've read and re-read quite literally dozens
> of thick books on programming over the years.

Actually, I didn't learn any of what I know about Unix or networking from
a class. I learned a little bit from coworkers and friends, but the vast
majority I learned on my own by reading man pages, books, and various
types of online documentation (the FreeBSD Handbook is a really fantastic
resource for learning FreeBSD basics). I'm guessing that many others on
this list learned what they know on their own, too.

> beno

Nick

From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 23:58:13 2006
From: Jeremy C. Reed <reed@reedmedia.net>
To: Odhiambo Washington
Cc: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 13:24:27 -0500 (CDT)
Subject: Re: Can PF allow access by username/userid?

> http://www.linux.com/article.pl?sid=04/07/01/1833212
>
> ... under the section "Putting it in action", the writer
> describes how they limit access by username with IPTables.
>
> I am wondering if this is achievable with PF. If yes, which section
> of the FAQ should I read?

The PF FAQ does not cover that. But it should. Anyone interested in
writing a paragraph with example of using "user" and "group" for the PF
FAQ?

(Also "group" is not supported on some PF platforms because the gid of
user with the socket is not kept.)

You can also set up access rules by authenticated login first -- see the
PF FAQ "authpf.html" chapter.
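The "user" and "group" keywords that Max Laier and Jeremy C. Reed describe above, tried out with the timed fall-back James Seward posted earlier in this archive ("Reset" Script thread), as an added example: this is not code from the thread, from the PF FAQ or from FreeBSD. It assumes an external interface named em0, a proxy running as user squid, administrators in group wheel, pfctl at /sbin/pfctl (overridable through PFCTL so the revert logic can be exercised on a box without pf) and /var/run/pf-confirmed as the confirmation marker; none of those names come from the thread. Two points from pf.conf(5) matter when reading the rules: user and group only ever match TCP and UDP sockets on the firewall host itself (outbound, the process that opened the connection; inbound, the process listening on the destination port), so forwarded traffic never matches a user and is only caught by the special id unknown; and the IDs compared are the effective ones, so a setuid program is matched by the user it runs as, not the user who started it. The debug.mpsafenet note in Max's message concerns the FreeBSD kernels of that time; check the BUGS section of pf.conf(5) on the release you actually run.

```shell
#!/bin/sh
# Added example, not from the thread: load a pf ruleset that restricts
# pass rules by socket owner (user/group), with automatic fall-back to a
# known-good ruleset unless the operator confirms in time. This wraps
# James Seward's "pfctl -f pf.conf && sleep 60 && pfctl -f pf.conf.safe"
# one-liner so that the revert survives a lost ssh session.
#
# Assumptions (not from the thread): external interface em0, a proxy
# running as user "squid", admins in group "wheel", pfctl at /sbin/pfctl.

PFCTL=${PFCTL:-/sbin/pfctl}   # override to exercise the logic without pf
GRACE=${GRACE:-60}            # seconds to wait for confirmation

# Emit the ruleset. user/group apply only to TCP/UDP sockets on this host:
# outbound, the process that opened the connection; inbound, the process
# listening on the port. Forwarded packets have no socket (user "unknown").
user_ruleset() {
    cat <<'EOF'
ext_if = "em0"
set skip on lo0
block all
# Only the proxy process may open outbound HTTP/HTTPS connections.
pass out on $ext_if proto tcp to any port { 80 443 } user squid keep state
# Only members of wheel may ssh out of this box.
pass out on $ext_if proto tcp to any port 22 group wheel keep state
# Inbound admin ssh: the listening sshd socket belongs to root.
pass in on $ext_if proto tcp to ($ext_if) port 22 user root keep state
# Name resolution for every local process.
pass out on $ext_if proto udp to any port 53 keep state
EOF
}

# Parse-only check (pfctl -n); nothing is loaded.
check_ruleset() {
    "$PFCTL" -nf "$1"
}

# Load $1, then wait up to $GRACE seconds for confirm_ruleset to create the
# marker; if it never appears, reload $2 (the known-good ruleset).
# Returns 0 when confirmed, 1 if the load failed, 2 after a revert.
# Run it detached (screen/tmux/nohup) so losing the session cannot kill it.
safe_reload() {
    new=$1
    safe=$2
    marker=${MARKER:-/var/run/pf-confirmed}
    rm -f "$marker"
    "$PFCTL" -f "$new" || return 1
    i=0
    while [ "$i" -lt "$GRACE" ]; do
        if [ -e "$marker" ]; then
            rm -f "$marker"
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    "$PFCTL" -f "$safe"
    return 2
}

# Run this from a *new* login once you know the new rules did not lock you out.
confirm_ruleset() {
    : > "${MARKER:-/var/run/pf-confirmed}"
}

# Typical use:
#   user_ruleset > /etc/pf.conf.new
#   check_ruleset /etc/pf.conf.new && safe_reload /etc/pf.conf.new /etc/pf.conf.safe
```

Confirm from a fresh login, not from the session you started the reload in: a connection established before the reload is carried by an existing entry in the state table, and pfctl -f replaces the rules without flushing states, so the old session keeps working even when the new rules would reject it and proves nothing. An exit status of 2 from safe_reload means the grace period passed and the safe ruleset is back in place.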
From owner-freebsd-pf@FreeBSD.ORG Fri Aug 11 23:58:18 2006
From: Jeremy C. Reed <reed@reedmedia.net>
To: beno
Cc: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 14:37:14 -0500 (CDT)
Subject: Re: What Do These Devices Do?

On Fri, 11 Aug 2006, beno wrote:

> I'm following a great tutorial on how to build strong and safe IPFilters.
> However, I don't have the same devices in my box that it references, and I
> don't know what my devices do, so I can't write my rules yet. Please tell me
> what these guys do (what packets they receive or send, etc.):
>
> vr0

vr0 is probably your network card, like a D-Link or VIA Rhine Ethernet.

> plip0

IP over parallel line. Rarely used.
> lo0

This is your loopback interface, such as 127.0.0.1

"ifconfig -a" should tell you about your interfaces.

And use "netstat -bi" to see if they are used too.

From owner-freebsd-pf@FreeBSD.ORG Sat Aug 12 04:02:05 2006
From: Mihai Velicu <bvelicu@telus.net>
To: freebsd-pf@freebsd.org
Date: Fri, 11 Aug 2006 22:01:51 -0600
Subject: firewall
Which firewall is the best : IPFILTER or PF ?

Regards,
Mihai

From owner-freebsd-pf@FreeBSD.ORG Sat Aug 12 08:30:18 2006
From: Odhiambo Washington <wash@wananchi.com>
To: Mihai Velicu
Cc: freebsd-pf@freebsd.org
Date: Sat, 12 Aug 2006 11:30:10 +0300
Subject: Re: firewall

* On 11/08/06 22:01 -0600, Mihai Velicu wrote:
| Which firewall is the best : IPFILTER or PF ?
Hi Mihai, This list is a forum for PF, so "which is best" really does not arise here, as it sounds political, and might cause a war. -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ "Why must you tell me all your secrets when it's hard enough to love you knowing nothing?" -- Lloyd Cole and the Commotions From owner-freebsd-pf@FreeBSD.ORG Sat Aug 12 09:46:40 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0891A16A4DD for ; Sat, 12 Aug 2006 09:46:40 +0000 (UTC) (envelope-from solinym@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.177]) by mx1.FreeBSD.org (Postfix) with ESMTP id 26FAD43D49 for ; Sat, 12 Aug 2006 09:46:38 +0000 (GMT) (envelope-from solinym@gmail.com) Received: by py-out-1112.google.com with SMTP id c59so192625pyc for ; Sat, 12 Aug 2006 02:46:36 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=b6tqj9pNP3CyivN51ySMmnw9U90NyNkrnfERocbqWzUstQ3SOpc/HiN6RsJjmo5liN4VYMtUqJYhHzsgZGTr9GgREOS46uiM9xQGBzRnmnqJ4Nt1OJOSMU4t/QuxjKMDCC5uDWu4C72uFun5R168Qh5kYoIROdpNquyTH5XRDXM= Received: by 10.35.113.12 with SMTP id q12mr8115130pym; Sat, 12 Aug 2006 02:46:35 -0700 (PDT) Received: by 10.35.34.13 with HTTP; Sat, 12 Aug 2006 02:46:35 -0700 (PDT) Message-ID: Date: Sat, 12 Aug 2006 04:46:35 
-0500 From: "Travis H." To: beno In-Reply-To: <44DCE0B4.9000003@2012.vi> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <44DCD5E4.9020405@2012.vi> <44DCE0B4.9000003@2012.vi> Cc: freebsd-pf@freebsd.org Subject: Re: What Do These Devices Do? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Aug 2006 09:46:40 -0000 On 8/11/06, beno wrote: > * Through what device do such services as email, tcp, http, udp and icpm > access my box Through whatever one the last hop gave them as the destination for your machine. That's called routing. > through which do they leave and which (if any) are used > for internal communication? Internal to the box, they go out over lo0. It is safe to leave that interface unfiltered. > * Also would help, what is fxp0 *traditionally* used for? It's an ethernet card, so people use it to network computers together. Save yourself getting hacked; read the O'Reilly's book on Internet Firewalls. Or contract me to write your rules :-) -- "If you're not part of the solution, you're part of the precipitate." 
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/ GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484 From owner-freebsd-pf@FreeBSD.ORG Sat Aug 12 13:57:52 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B53A716A4DD for ; Sat, 12 Aug 2006 13:57:52 +0000 (UTC) (envelope-from bill.marquette@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.179]) by mx1.FreeBSD.org (Postfix) with ESMTP id C3DF843D58 for ; Sat, 12 Aug 2006 13:57:51 +0000 (GMT) (envelope-from bill.marquette@gmail.com) Received: by py-out-1112.google.com with SMTP id c59so276976pyc for ; Sat, 12 Aug 2006 06:57:51 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Cg59HTZMCkEJRy8+vzLIL41N6DeHNBXeK276hjQOqeqPkNIhsciv/dyzRPTwxL1J/nqpsUpL92j9qf9WhdtxaZBs29k2Smh5U66zDoAgh2eS/6Nt3I3vd9Jsx7zH3Drivyk+vfMzJlLSxfaeg3CIg9zmYgO/Re2PCbkJxQM/XKw= Received: by 10.35.26.14 with SMTP id d14mr8577368pyj; Sat, 12 Aug 2006 06:57:51 -0700 (PDT) Received: by 10.35.131.17 with HTTP; Sat, 12 Aug 2006 06:57:50 -0700 (PDT) Message-ID: <55e8a96c0608120657j68242447nb247b7fa44c7ac67@mail.gmail.com> Date: Sat, 12 Aug 2006 08:57:50 -0500 From: "Bill Marquette" To: "Mihai Velicu" In-Reply-To: <20060812040200.F7HM8VPAHU@priv-edtnaa05.telusplanet.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20060812040200.F7HM8VPAHU@priv-edtnaa05.telusplanet.net> Cc: freebsd-pf@freebsd.org Subject: Re: firewall X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about 
packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Aug 2006 13:57:52 -0000 On 8/11/06, Mihai Velicu wrote: > Which firewall is the best : IPFILTER or PF ? > > > > Regards, > > Mihai That's kind of like asking which shoes are the best, Nike or Adidas. It's a preference, both are good. You'll need to figure out which one feels best to you. --Bill From owner-freebsd-pf@FreeBSD.ORG Sat Aug 12 14:59:54 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A11A16A4DA for ; Sat, 12 Aug 2006 14:59:54 +0000 (UTC) (envelope-from zope@2012.vi) Received: from efit.xs4all.nl (efit.xs4all.nl [82.92.236.145]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B80843D46 for ; Sat, 12 Aug 2006 14:59:52 +0000 (GMT) (envelope-from zope@2012.vi) Received: from [192.168.0.6] (dpc67143135132.direcpc.com [67.143.135.132]) by efit.xs4all.nl (Weasel v1.73) for ; 12 Aug 2006 16:56:19 Message-ID: <44DDECDB.1070806@2012.vi> Date: Sat, 12 Aug 2006 10:59:39 -0400 From: beno User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: How Tag/Mark Up Media Packets? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Aug 2006 14:59:54 -0000 Hi; Is it possible to define packets according to the media type (pdf, mp3) that they request/send? Also, what does *ssh* mean here? I would have expected a macro or a port number: pass out on fxp0 from any to any port 22 queue ssh TIA. 
beno From owner-freebsd-pf@FreeBSD.ORG Sat Aug 12 15:06:05 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B0A8A16A4E2 for ; Sat, 12 Aug 2006 15:06:05 +0000 (UTC) (envelope-from phoemix@harmless.hu) Received: from marvin.harmless.hu (marvin.harmless.hu [195.56.55.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id 270EF43D49 for ; Sat, 12 Aug 2006 15:06:05 +0000 (GMT) (envelope-from phoemix@harmless.hu) Received: from localhost (localhost [127.0.0.1]) by marvin (Postfix) with ESMTP id CD1FC20001CC; Sat, 12 Aug 2006 17:06:03 +0200 (CEST) Received: from marvin.harmless.hu ([127.0.0.1]) by localhost (marvin [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02037-09; Sat, 12 Aug 2006 17:06:03 +0200 (CEST) Received: by marvin (Postfix, from userid 1000) id 30F0B20001CB; Sat, 12 Aug 2006 17:06:03 +0200 (CEST) Date: Sat, 12 Aug 2006 17:06:03 +0200 To: beno Message-ID: <20060812150603.GA16529@marvin.harmless.hu> References: <44DDECDB.1070806@2012.vi> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dDRMvlgZJXvWKvBx" Content-Disposition: inline In-Reply-To: <44DDECDB.1070806@2012.vi> User-Agent: Mutt/1.5.9i From: phoemix@harmless.hu (Gergely CZUCZY) X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at harmless.hu Cc: freebsd-pf@freebsd.org Subject: Re: How Tag/Mark Up Media Packets? 
X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Aug 2006 15:06:05 -0000 --dDRMvlgZJXvWKvBx Content-Type: text/plain; charset=utf-8 Content-Disposition: inline On Sat, Aug 12, 2006 at 10:59:39AM -0400, beno wrote: > Hi; > Is it possible to define packets according to the media type (pdf, mp3) > that they request/send? that requires an application-level firewall. think of a keepalive HTTP request. the items sent back are the following: the html page, 3 images, an mp3 music theme for the site, 5 flash animations, and a pdf at last. there are multiple contencts in a single connection. even a single tcp packet could share two or more type of contents. think of it... pf itself is a packet-level firewall. any application-level extensions are in the userland, like the ftp-proxy. > Also, what does *ssh* mean here? I would have expected a macro or a port > number: > pass out on fxp0 from any to any port 22 queue ssh ssh means 22/tcp, mostly. i would add proto tcp... Bye, Gergely Czuczy mailto: gergely.czuczy@harmless.hu PGP: http://phoemix.harmless.hu/phoemix.pgp Weenies test. Geniuses solve problems that arise. 
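The `queue ssh` at the end of beno's rule names an ALTQ queue that has to be defined elsewhere in pf.conf; it is neither a macro nor a port. The fragment below is an added example, not from the thread, showing such a definition on fxp0 together with the `proto tcp` Gergely suggests; the bandwidth figures and the two-queue split are assumptions.

```conf
# Added example, not from the thread: give "queue ssh" something to refer to.
# fxp0 comes from the thread; the bandwidth values are assumed placeholders.
ext_if = "fxp0"

# Root ALTQ queue on the outbound interface, split into a default queue
# and a small high-priority queue for interactive ssh sessions.
altq on $ext_if cbq bandwidth 10Mb queue { std, ssh }
queue std bandwidth 80% cbq(default)
queue ssh bandwidth 20% priority 7 cbq(borrow)

# "queue ssh" is the queue defined above, not a macro or port number.
# "proto tcp" stops "port 22" from also matching 22/udp.
pass out on $ext_if proto tcp from any to any port 22 keep state queue ssh

# Everything else leaving the interface falls into the default queue.
pass out on $ext_if keep state
```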
From owner-freebsd-pf@FreeBSD.ORG Sat Aug 12 16:32:30 2006
From: beno <zope@2012.vi>
Date: Sat, 12 Aug 2006 12:32:17 -0400
Subject: IP Address List

Is this legal? Will all the addresses contained in this list be expanded out?

directv_ip_addresses=( 69.19.0.0 - 69.19.127.255 )

TIA,
beno

From owner-freebsd-pf@FreeBSD.ORG Sat Aug 12 16:49:29 2006
From: Max Laier <max@love2party.net>
Date: Sat, 12 Aug 2006 18:49:07 +0200
Subject: Re: IP Address List

On Saturday 12 August 2006 18:32, beno wrote:
> Is this legal? Will all the addresses contained in this list be
> expanded out?
> directv_ip_addresses=( 69.19.0.0 - 69.19.127.255 )

69.19.0.0/17 ... please stop asking questions that can be answered with <10 seconds of google, wikipedia or the like. This is not your personal help line.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
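Max's answer collapses beno's range into the single prefix 69.19.0.0/17. As an added example that is not part of the thread, the Python below does the general conversion with the standard library's ipaddress module, covering unaligned ranges that need several prefixes, and renders the result as a pf table; the table name is taken from beno's macro, and the unaligned range is constructed.

```python
"""Added example (not from the thread): collapse an inclusive IPv4 range,
such as 69.19.0.0 - 69.19.127.255, into CIDR prefixes and emit them as a
pf table definition."""
import ipaddress
from typing import List


def range_to_cidrs(first: str, last: str) -> List[str]:
    """Return the minimal list of CIDR prefixes covering first..last inclusive.

    An aligned range collapses to one prefix (the /17 in the thread); an
    unaligned one needs several, which is why a table is the natural
    container for the result in pf.conf.
    """
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    if lo.version != hi.version:
        raise ValueError("both ends of the range must be the same IP version")
    if lo > hi:
        raise ValueError(f"range is reversed: {first} > {last}")
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def pf_table(name: str, first: str, last: str) -> str:
    """Render a pf.conf table holding the prefixes for first..last."""
    nets = range_to_cidrs(first, last)
    return f"table <{name}> const {{ {', '.join(nets)} }}"


if __name__ == "__main__":
    # The range from the thread collapses to one /17.
    print(range_to_cidrs("69.19.0.0", "69.19.127.255"))  # ['69.19.0.0/17']
    # A constructed unaligned range needs 15 prefixes, /32 up to /18.
    print(range_to_cidrs("69.19.0.1", "69.19.127.255"))
    print(pf_table("directv_ip_addresses", "69.19.0.0", "69.19.127.255"))
```

The emitted table line can be referenced from a rule as `from <directv_ip_addresses>`.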