From owner-freebsd-pf@FreeBSD.ORG Fri Oct 7 23:19:58 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5CCF4106564A for ; Fri, 7 Oct 2011 23:19:58 +0000 (UTC) (envelope-from Greg.Hennessy@nviz.net) Received: from mail2.jellyfishnet.co.uk (mail2.jellyfishnet.co.uk [93.91.20.10]) by mx1.freebsd.org (Postfix) with ESMTP id E99458FC0A for ; Fri, 7 Oct 2011 23:19:57 +0000 (UTC) Received: from pemexhub02.jellyfishnet.co.uk.local (93.91.20.63) by mail2.jellyfishnet.co.uk (93.91.20.10) with Microsoft SMTP Server (TLS) id 8.1.436.0; Sat, 8 Oct 2011 00:09:04 +0100 Received: from PEMEXMBXVS04.jellyfishnet.co.uk.local ([192.168.65.51]) by pemexhub02.jellyfishnet.co.uk.local ([192.168.65.8]) with mapi; Sat, 8 Oct 2011 00:07:03 +0100 From: Greg Hennessy To: "Spenst, Aleksej" , "'freebsd-pf@freebsd.org'" Date: Sat, 8 Oct 2011 00:09:01 +0100 Thread-Topic: How to block HTTP packets going to 0.0.0.0 via proxy Thread-Index: AcyFA12IH/ovZwklSnit3YDsshhq8AAQmhww Message-ID: <9EB23F6C23A8B6488E8BCC92A48E83261280798259@PEMEXMBXVS04.jellyfishnet.co.uk.local> References: <20290C577F743240B5256C89EFA753810D28E8E174@HIKAWSEX01.ad.harman.com> In-Reply-To: <20290C577F743240B5256C89EFA753810D28E8E174@HIKAWSEX01.ad.harman.com> Accept-Language: en-US, en-GB Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, en-GB Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: Subject: RE: How to block HTTP packets going to 0.0.0.0 via proxy X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Oct 2011 23:19:58 -0000 If you have no access to the gateway system, the only other alternative is = a client side configuration, either use a PAC file or browser exception or = routing statement to send traffic elsewhere.=20 Greg > -----Original Message----- > From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd- > pf@freebsd.org] On Behalf Of Spenst, Aleksej > Sent: 08 October 2011 2:11 AM > To: 'freebsd-pf@freebsd.org' > Subject: How to block HTTP packets going to 0.0.0.0 via proxy >=20 > Hi, >=20 > my browser goes online via proxy. > So, when I type http://0.0.0.0 in my browser I see in wireshark the follo= wing: >=20 > Source Destination Protocol = Info > 172.16.102.100 172.16.2.17 HTTP GET http://0= .0.0.0/ HTTP/1.1 >=20 > That is the http GET request with the 0.0.0.0 IP address is sent to my pr= oxy > 172.16.2.17. > I do not want these requests to go to proxy. How can I block such request= s > with pf rules? >=20 > I could easily write a rule to block all packets directly going to IP 0.0= .0.0, but in > case with proxy, I don't know how to block such requests. >=20 > Thanks for any help. >=20 > Regards, > Aleks. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"