From: David Mehler
To: freebsd-pf@freebsd.org
Subject: Rules sanity check
Date: Mon, 12 Oct 2015 23:51:47 -0400
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

Hello,

I'm back to pf after a number of years with mainly Linux servers. I'm running FreeBSD 10 on a machine with pf. I'm hoping someone can give my rules, such as they are, a sanity check?

Some things I know definitely aren't working are the IPv6 allowing of ssh and http; IPv6 ping doesn't work and gives a UDP error; and with ftp from the machine, the data connection doesn't come through. I'm assuming I'll have that same problem when I set up a jailed ftp server as well.

Sanity check appreciated.

Thanks.
Dave.

[Attachment: pf.conf (application/octet-stream)]