From: Sife Mailling
To: freebsd-pf@freebsd.org
Date: Mon, 23 Nov 2009 07:35:08 -0800 (PST)
Subject: block ip's and ports

Salamo Alikom

I set up a firewall for my personal home computer. Now I want every packet to be blocked if it is not passed to the specified ports.

This is my pf.conf:

net_card="sis0"
tcp_ports="{80 ,https ,domain ,auth ,21}"
udp_ports="{domain}"
table <banned> file "/etc/pf/banned"
table <banned2> {www.google.com}
block in log (all) on $net_card proto {tcp ,udp} all
pass in on $net_card proto tcp from any to any port $tcp_ports
pass in on $net_card proto udp from any to any port $udp_ports
pass in on $net_card proto tcp from 192.168.0.0/16 to 192.168.0.0/16
block in on $net_card proto tcp from { <banned>, <banned2> } to any port $tcp_ports
pass out on $net_card proto tcp from any to any port $tcp_ports
pass out on $net_card proto udp from any to any port $udp_ports
pass out on $net_card inet proto tcp from any to any port ftp
pass out on $net_card inet proto tcp from any to any port > 1023

Now Skype works, and for both tables, banned and banned2, I can browse the sites included in them.
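
An added example, not part of the original post: the posted ruleset reworked so that the default block covers both directions and the table block applies to outbound connections. It assumes the machine offers no services to the network (so the "pass in" rules are dropped) and reuses the interface, port macros, table names and file path from the post.

```conf
# Added example, not the poster's ruleset. Macros and tables as in the post.
net_card  = "sis0"
tcp_ports = "{ 80, https, domain, auth, 21 }"
udp_ports = "{ domain }"

table <banned>  file "/etc/pf/banned"
# A hostname in a table is resolved to addresses once, when the ruleset loads.
table <banned2> { www.google.com }

# Default deny for TCP and UDP in both directions (no "in"/"out" keyword).
# pf uses the last matching rule, so this is the fallback for everything
# that no later rule passes.
block log (all) on $net_card proto { tcp, udp } all

# Browsing a site is an outbound connection, so the tables must be matched
# as the destination of "out" traffic. A "block in ... from <table>" rule
# never sees that connection, and the replies are admitted by the state
# created by the "pass out" rule.
# "quick" ends evaluation at this rule, so the pass rules below cannot
# override it.
block out quick on $net_card from any to { <banned>, <banned2> }
block in  quick on $net_card from { <banned>, <banned2> } to any

# Outbound connections to the listed ports only. State is kept, so the
# replies come back without a matching "pass in" rule.
pass out on $net_card proto tcp from any to any port $tcp_ports keep state
pass out on $net_card proto udp from any to any port $udp_ports keep state

# The post's "pass out ... port > 1023" rule is left out on purpose: it
# permits outbound TCP to every high port. Passive FTP data connections
# use high ports and will not work without it.
```

The file can be syntax-checked without loading it with `pfctl -nf /etc/pf.conf`, and the contents of a table listed with `pfctl -t banned2 -T show`.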