Date: Fri, 09 Jun 2006 12:40:31 +0200 From: Erik Norgaard <norgaard@locolomo.org> To: Pat Maddox <pergesu@gmail.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Need some help with PF rule letting two machines access each other Message-ID: <4489501F.7070501@locolomo.org> In-Reply-To: <810a540e0606082221n488bf220q3846d9c79b47e1ad@mail.gmail.com> References: <810a540e0606082221n488bf220q3846d9c79b47e1ad@mail.gmail.com>
Pat Maddox wrote:
> 12.34.56.78 runs a server on port 1234
> 87.65.43.21 should connect to this
>
> Both of them have PF rulesets that block off most traffic, keeping
> open the publicly available ports I need open. In this case though,
> any traffic over this port should only be between these two machines.
> I've tried to set this up, but I keep getting operation not permitted,
> connection refused, and connection reset by peer errors. Thanks for
> any info.

It's quite difficult to tell which rule catches your packets without the ruleset. Try this:

1) Add "log" to all block rules
2) Check you have keep state in pass rules
3) Check you have quick in your pass rules

If you have a default block policy, then you should generally have quick in pass rules or you might have packets marked for passing being caught later by a block rule. I generally prefer having the default policy at top without quick, and then set quick on rules taking an explicit action.

Cheers, Erik
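A ruleset that follows the three checks in the reply, added here as an illustration and not taken from Erik's or Pat's messages. It uses the two addresses from the thread; the TCP protocol, the interface name em0 and ssh as the only public port are assumptions. The commented-out pair at the end shows the ordering mistake the reply warns about.

```pf
# /etc/pf.conf on 12.34.56.78, the machine running the service on port 1234.
# Added example, not from the thread. Assumptions: TCP service, external
# interface em0, ssh as the one publicly reachable port.
ext_if   = "em0"
me       = "12.34.56.78"
peer     = "87.65.43.21"
svc_port = "1234"

set skip on lo0
scrub in all

# 1) Default policy first, without "quick", and with "log" so anything that
#    ends up here is written to pflog0 and can be read with tcpdump.
block log all

# 2)/3) Every explicit pass is stateful and "quick": once a packet matches,
#    pf stops evaluating, so no later block rule can override the decision.
pass out quick on $ext_if keep state

# Public service: anyone may reach ssh (assumed public port).
pass in quick on $ext_if proto tcp from any to $me port 22 flags S/SA keep state

# Restricted service: only the peer may reach port 1234. Reply packets ride
# the state entry, so no separate "pass out" for this port is needed.
pass in quick on $ext_if proto tcp from $peer to $me port $svc_port \
    flags S/SA keep state

# The ordering pitfall. Without "quick", pf applies the LAST matching rule,
# so this pair silently closes the port to the peer as well:
#
#   pass in on $ext_if proto tcp from $peer to $me port 1234 keep state
#   block in on $ext_if proto tcp from any to $me port 1234
#
# The peer's SYN matches both; the block wins, and the client sees a timeout
# or, with "block return", a "connection refused".
```

On 87.65.43.21 the mirror image is simpler: the generic `pass out quick on $ext_if keep state` already lets it open the connection to 12.34.56.78:1234, and the state entry admits the replies. Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, then watch the logged blocks with `tcpdump -n -e -ttt -i pflog0` while the client connects; `pfctl -vsr` shows per-rule hit counters and `pfctl -ss` the state table. The three errors in the question point at different places: "operation not permitted" means the sending host's own pf dropped the outgoing packet, "connection refused" means a RST came back (no listener, or a `block return` rule on the far end), and "connection reset by peer" is a RST mid-connection, typically from a `block return` rule once a state entry is missing or has expired.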