Date:      Sat, 10 Feb 2007 16:15:12 +0100
From:      Erik Norgaard <norgaard@locolomo.org>
To:        Tim T Bos <flyweight@casema.nl>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Big problems with PF on freeBSD 6.2
Message-ID:  <45CDE180.9050304@locolomo.org>
In-Reply-To: <45CDB1C3.1080508@casema.nl>
References:  <45CDB1C3.1080508@casema.nl>


Tim T Bos wrote:
> Hi Guys,
> 
> I have a problem with PF.  Normally when I load pf.ko it uses deny all
> as default.
> But if I compile it in the kernel or load it as a module, in both cases it won't work.
> If I have only one rule "block all" or "block all on ext_if" I can still
> go on the internet and if I portscan my computer I get most ports closed
> and some ports filtered by my ISP (137, 139 and some other MS ports).
> 
> I tried a clean install of freebsd 6.2 with the latest  stable source
> ass well.

you mean "as well" :)

Do you use a GENERIC kernel? If you have a custom kernel or try to set 
special options for pf, post those options. Also, post any boot options 
that toggle pf behaviour.

The default behaviour of pf is "pass all"; I don't remember if there is 
a boot option or similar to change this.

But anyway, I think it is better to go with the default and set your 
desired default action explicitly as the first rule in your rule set. 
Try a GENERIC kernel and see if packets are blocked correctly by a 
"block log all" rule.

In any case, you should add "log" to your rules for debugging, so you 
can see if the ruleset is matched and where packets are blocked or passed.

Cheers, Erik

-- 
Ph: +34.666334818                      web: http://www.locolomo.org
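
The advice above (state the default action explicitly as the first rule and log it), written out as a minimal `/etc/pf.conf` together with the commands that confirm pf is enabled and the rules are being matched. This is an added example, not part of the original message; the interface name `em0` and the outbound pass rules are assumptions.

```conf
# /etc/pf.conf: constructed example; em0 is an assumed interface name
ext_if = "em0"

# Do not filter loopback traffic.
set skip on lo0

# Explicit default action, first filter rule. pf evaluates every rule and the
# last match wins, so this applies only to packets no later rule matches.
# "log" copies each blocked packet to the pflog0 interface.
block log all

# Assumed policy: allow outbound connections from this host and keep state so
# replies are passed (state is not implicit in the pf shipped with FreeBSD 6.x).
pass out log on $ext_if proto { tcp, udp } from ($ext_if) to any keep state
pass out log on $ext_if inet proto icmp from ($ext_if) to any keep state

# Checks, run as root:
#   pfctl -nf /etc/pf.conf   parse only; syntax errors are reported, nothing is loaded
#   pfctl -f /etc/pf.conf    load the ruleset
#   pfctl -e                 enable pf; loaded rules are not applied while pf is disabled
#   pfctl -si                "Status: Enabled" confirms filtering is active
#   pfctl -vsr               loaded rules with per-rule evaluation and packet counters
#   tcpdump -n -e -ttt -i pflog0   live view of logged packets with rule number and action
#
# To start pf and the pflog daemon at boot, in /etc/rc.conf:
#   pf_enable="YES"
#   pflog_enable="YES"
```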


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45CDE180.9050304>