From owner-freebsd-pf@FreeBSD.ORG Tue Feb 22 14:12:57 2005
Date: Tue, 22 Feb 2005 16:58:04 +0300
From: Odhiambo Washington
To: pf@FreeBSD.org
Subject: Re: Stumped with pf.conf
Message-ID: <20050222135804.GL52536@ns2.wananchi.com>
In-Reply-To: <421B334F.8080008@raxion.net>
List-Id: Technical discussion and general questions about packet filter (pf)
User-Agent: Mutt/1.5.6i

* Kay Abendroth [20050222 16:28] wrote:
> Odhiambo Washington wrote:
> > I am a newbie to PF, running on FreeBSD 5.3-STABLE.
> > I would like some critique of the following pf.conf, which I am using,
> > but which appears to have a loophole!
> > Some folks are accessing my port 8080, which I am thinking I have only
> > opened to 62.8.64.0/19.
> [...]
>
> How do you know some are accessing? The only thing you actually log is
> the traffic blocked by this rule:
>
> block in log quick on $ext_if inet proto tcp from any to any flags S/SAFR

Hi Kay,

I have an application running on port 8080 of this box. That application
logs the IPs of machines accessing it, and I can see a foreign IP accessing
that service.

What I meant to say is that "the filter is NOT working as expected by
blocking access to disallowed hosts".

If you'd like to test accessing the box on that port, go ahead and set your
proxy settings to 62.8.64.13:8080 and try going to badboys.com

-Wash

http://www.netmeister.org/news/learn2quote.html

--
Odhiambo Washington | Wananchi Online Ltd. www.wananchi.com
Tel: +254 20 313985-9 +254 20 313922 | GSM: +254 722 743223 +254 733 744121
"Do not meddle in the affairs of wizards, for you are crunchy and good with ketchup."
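The thread only shows one rule from the ruleset (the logging block rule), so the actual cause of the loophole is not visible here. The fragment below is an added example, not Wash's pf.conf, that shows the shape a "port 8080 only from 62.8.64.0/19" ruleset needs on pf of that era (FreeBSD 5.3), together with the ordering mistake that most often lets a broad pass rule override a narrow one, and the pfctl checks used to confirm which rule actually matches. The interface name, the macro names and the second pass rule are assumptions for illustration.

```pf
# Added example (not the poster's ruleset). Assumed interface and macros:
ext_if  = "fxp0"
allowed = "62.8.64.0/19"
proxy_port = "8080"

# pf evaluates the whole ruleset and the LAST matching rule wins,
# unless a rule carries "quick", which stops evaluation at that rule.
# A catch-all block first, then narrow passes, is the safe default.
block in log on $ext_if

# Only the ISP range may reach the proxy port.  "quick" ensures that
# nothing later in the file can widen this decision.
pass in quick on $ext_if inet proto tcp from $allowed to $ext_if \
     port $proxy_port flags S/SA keep state

# WEAK (assumed common mistake, shown for contrast): a broad pass placed
# after the restricted one.  Without "quick" above, this rule is the
# last match for a foreign SYN to port 8080 and lets it through.
# pass in on $ext_if inet proto tcp from any to $ext_if port 1024:65535 keep state

# Note on the log rule from the thread:
#   block in log quick on $ext_if inet proto tcp from any to any flags S/SAFR
# only logs SYNs that reach *that* rule.  Connections accepted by an
# earlier "quick" pass, or by a later non-quick pass that becomes the
# last match, never appear in pflog, so an empty log does not prove
# the port is closed.

# Checks (run as root on the firewall):
#   pfctl -nf /etc/pf.conf     # parse only; catches syntax/macro errors
#   pfctl -f  /etc/pf.conf     # load the ruleset
#   pfctl -vvsr                # numbered rules with match/packet counters:
#                              # connect from outside, see which counter moves
#   pfctl -ss | grep ':8080'   # existing states keep passing traffic after a
#                              # reload; "pfctl -F state" clears them
#   pfctl -sn                  # rdr/nat rules apply before filtering, so a
#                              # redirect to the proxy can bypass a filter
#                              # written against the pre-translation address
```

Reading `pfctl -vvsr` while a test client outside 62.8.64.0/19 connects to port 8080 is the quickest way to settle the question in the thread: the rule whose `Evaluations`/`Packets` counters increase is the one that actually decided the packet's fate, regardless of what the ruleset was intended to do.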