From owner-freebsd-questions@FreeBSD.ORG Thu May 31 14:16:59 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C7BC716A41F for ; Thu, 31 May 2007 14:16:59 +0000 (UTC) (envelope-from ghirai@ghirai.com) Received: from p28.ich-19.com (fa.ea.5646.static.theplanet.com [70.86.234.250]) by mx1.freebsd.org (Postfix) with ESMTP id AC42713C448 for ; Thu, 31 May 2007 14:16:59 +0000 (UTC) (envelope-from ghirai@ghirai.com) Received: from [89.122.149.2] (helo=Unknown-00-16-36-ae-62-05.lan) by p28.ich-19.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1HtlST-0008Vg-F0; Thu, 31 May 2007 09:16:58 -0500 Date: Thu, 31 May 2007 17:16:37 +0300 From: Ghirai X-Mailer: The Bat! (v3.99.3) Professional X-Priority: 3 (Normal) Message-ID: <1055565165.20070531171637@ghirai.com> To: Jonathan Horne , freebsd-questions@freebsd.org In-Reply-To: <200705301919.26630.freebsd@dfwlp.com> References: <200705301919.26630.freebsd@dfwlp.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - p28.ich-19.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - ghirai.com Cc: Subject: Re: im new with pf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Ghirai List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 May 2007 14:16:59 -0000 Hello Jonathan, Thursday, May 31, 2007, 3:19:26 AM, you wrote: > i have a client who has a simple linksys router, with port 22, 25, 80, 443 > forwarded to a freebsd server i built for his small business. 25 80 and 443 > are obviously public services, but id like to limit access to 22 to the > trusted internal network, and my block of IPs i would be connecting from from > my site. along with regulating port 22, i also need all other ports to work > properly, since samba is installed, and i dont want to mess with picking and > choosing what ports will be in this config. i just need to limit access to > port 22. There's a very nice document here: http://www.openbsd.org/faq/pf/ -- Best regards, Ghirai.