From: Laszlo Danielisz
Date: Thu, 25 Sep 2014 11:24:01 -0700
Subject: referer filtering
To: "freebsd-pf@freebsd.org"

Hi,

I was wondering how it is possible to accept a connection, let's say on port 80, only if it comes from a specified referer.
Let's say there is a link on server A (IP 1.1.1.1) pointing to server B (IP 2.2.2.2). And server B will only accept the connection if it was sent by A.

Any ideas?

Thx!
Laszlo

From: Javad Mustafayev
Date: Fri, 26 Sep 2014 00:37:31 +0500
Subject: Re: referer filtering
To: Laszlo Danielisz via freebsd-pf
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64