Date:      Tue, 4 Mar 2008 11:33:29 -0800
From:      "Michael K. Smith - Adhost" <mksmith@adhost.com>
To:        "Jeremy Chadwick" <koitsu@freebsd.org>
Cc:        freebsd-pf@freebsd.org
Subject:   RE: Confusion about FTP through PF
Message-ID:  <17838240D9A5544AAA5FF95F8D52031603699A2A@ad-exh01.adhost.lan>
In-Reply-To: <20080304010216.GA57085@eos.sc1.parodius.com>
References:  <17838240D9A5544AAA5FF95F8D520316036997D3@ad-exh01.adhost.lan> <20080304010216.GA57085@eos.sc1.parodius.com>


Hello All:

> pass in quick on $ext_if inet proto tcp from any to 72.20.106.8 port {
> ftp, 49152:65535 } modulate state flags S/SA
>
Thanks to Jeremy for the line above which works like a champ.  The last piece
of the puzzle for me is to block all inbound ftp connections to servers other
than my ftp servers.  I have the following configuration to that effect.  The
two servers in the table are associated with valid, outside IP addresses and
the table shows up correctly with a 'pfctl -t ftp_servers -T show'.

table <ftp_servers> persist { \
        $liv_ftp_ext, \
        $uft_01_ext \
        }

block in log quick on $vlan2_if proto tcp from any to ! <ftp_servers> port 21

When I load this rule ftp breaks to everything, including the <ftp_servers>
servers.  Is it not possible to do a "!" in a block rule or is my syntax fubar?

Regards,

Mike





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17838240D9A5544AAA5FF95F8D52031603699A2A>