From: Dave Horsfall
To: FreeBSD PF List
Subject: Re: Getting tables to work in PF
Date: Mon, 3 Nov 2014 21:40:50 +1100 (EST)

On Mon, 3 Nov 2014, Ermal Luçi wrote:

> - Full ruleset if you can disclose

As attached - no secrets in it. It's somewhat loose because it's behind
another firewall (the ADSL modem) that just lets SMTP/HTTP/SSH-secret-port
through to it (I've masked the SSH port).

> - Make sure with output of pfctl -s all that pf is actually enabled to
> do filtering on packets.

Attached; the empty "FILTER RULES" looks a bit suspicious...

> NOTE: You enable pf by running pfctl -e

I know; I was using "service pf restart" as well.

--
Dave Horsfall (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)

[Attachments: spammers; pf.conf; pfctl (output of pfctl -s all)]
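The condition discussed in this message, pf reporting itself enabled while the "FILTER RULES" section of `pfctl -s all` is empty, can be checked with a small script. This is an added example, not part of the original message or its attachments; the function name `pf_ruleset_state`, the sample outputs, the interface `em0` and the table name `exampletable` are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `pfctl -s all` output read from stdin.
# Prints one of: not-enabled | enabled-no-rules | enabled-with-rules
pf_ruleset_state() {
    LC_ALL=C awk '
        { sub(/\r$/, "") }                      # tolerate CRLF-saved output
        # Section titles are upper-case lines that end in a colon.
        /^[A-Z][A-Z ]*:$/ { sub(/:$/, ""); section = $0; next }
        section == "FILTER RULES" && NF > 0 { rules++ }
        section == "INFO" && $1 == "Status:" { status = $2 }
        END {
            if (status != "Enabled") print "not-enabled"
            else if (rules == 0)     print "enabled-no-rules"
            else                     print "enabled-with-rules"
        }'
}

# Constructed sample: pf enabled, but no filter rules loaded.
sample_empty() {
    cat <<'EOF'
FILTER RULES:

INFO:
Status: Enabled for 0 days 00:10:00           Debug: Urgent

TABLES:
exampletable
EOF
}

# Constructed sample: pf enabled with a loaded ruleset.
sample_loaded() {
    cat <<'EOF'
FILTER RULES:
block drop in log quick on em0 from <exampletable> to any
pass out quick all flags S/SA keep state

INFO:
Status: Enabled for 0 days 00:10:00           Debug: Urgent
EOF
}

# Constructed sample: pf not enabled.
sample_disabled() {
    printf 'FILTER RULES:\n\nINFO:\nStatus: Disabled       Debug: Urgent\n'
}

for s in sample_empty sample_loaded sample_disabled; do
    printf '%s: %s\n' "$s" "$($s | pf_ruleset_state)"
done
```

On the firewall itself the same function reads live output: `pfctl -s all | pf_ruleset_state`.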