Date: Tue, 11 Sep 2007 16:29:28 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: jonathan michaels <jlm@caamora.com.au>
Cc: freebsd pf <freebsd-pf@freebsd.org>
Subject: Re: pf, ping and traceroute
Message-ID: <46E6A648.8080700@quip.cz>
In-Reply-To: <20070911213841.01986@caamora.com.au>
References: <20070911133959.25090@caamora.com.au> <fee88ee40709110207m456e2adbi96a3d3378548495@mail.gmail.com> <20070911213841.01986@caamora.com.au>
jonathan michaels wrote:
> On Tue, Sep 11, 2007 at 02:07:45AM -0700, Kian Mohageri wrote:

[...]

> yes, kian, my basic problem is that english is not my first language
> and i still have difficulty understanding the way that teh document is
> written.

Even if you are not a native English speaker, please use "the" and not "teh". It is hard to read your sentences.

>>Focus on understanding how the directions work (e.g. pass in vs. pass
>>out) and also 'keep state.' Understanding states is critical... have
>>you figured out how those work yet?
>
>
> i think that i have .. but, i have a way to go yet i think. learning
> for me is a hard process of reading and reading and reading until i
> understand it and i can get it past teh damaged bits of my brain.
>
> sorry, i don't have any other way of explaining what is going on.

I am using PF on my servers and I am using the following two lines to allow incoming & outgoing pings:

# Allow pings and replies while keeping state
pass out quick on $ext_if inet proto icmp icmp-type 8 code 0 keep state
pass in quick on $ext_if inet proto icmp icmp-type 8 code 0 keep state

Where $ext_if is ext_if="bge0"

>>Are you filtering on a router? Switch? Server?
>
>
> pentium 133 mhz that is running freebsd v6.2 and i am using the
> included version pf. so i suppose that it is a server, yes ??
>
> my internet connection is via a v.90 dialup modem that provides me a
> permanent connected ppp style connection/account (been using some 10
> plus years).
>
> ext_if=ppp0 = this is teh modem, on serial (comm0/cuad0 ) port 1
> int_if=de0 = nic, accton en1203 21040 (a digital 10 mhz clone)
>
> this is all that that there is, so i suppose its a simple router ??
>
> i am thinking of using pf to defend all teh internal machines from
> stuff that makes it through the firewall, is this possible (there seems
> to be nothing, that i have been able to find/understand in teh doc or
> via google) ??
>
> this means that i am looking at using ipfw as a secondary firewall, or
> just as a filter kind of thing to keep out the stuff that is making it
> through the firewall.

I don't understand what you mean... There is no reason to use more than one firewall on the machine and PF is just fine.

Miroslav Lachman
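
Added example, not part of the original message or of anyone's actual configuration: a pf.conf fragment that places the two ping rules above under a default-deny policy on the dial-up interface named in the quoted text, and extends them to outgoing traceroute. The loopback rule, the block rule and the traceroute port range are assumptions (FreeBSD traceroute sends UDP probes to ports starting at 33434 by default).

```conf
# Constructed example fragment for /etc/pf.conf (external interface only).
ext_if = "ppp0"    # dial-up link named in the quoted message

# Leave loopback traffic alone.
pass quick on lo0 all

# Default deny on the external interface; only the rules below open it.
block on $ext_if all

# Outgoing ping: the state created by the echo request (type 8, code 0)
# admits the matching echo reply, so no rule for icmp-type 0 is needed.
pass out quick on $ext_if inet proto icmp icmp-type 8 code 0 keep state

# Incoming ping: same mechanism in the other direction. Remove this rule
# if the host should not answer pings from the Internet.
pass in quick on $ext_if inet proto icmp icmp-type 8 code 0 keep state

# Outgoing traceroute (assumption: default UDP probes, ports 33434 and up).
# The ICMP time-exceeded and port-unreachable errors sent back by routers
# and the target refer to these states, so pf matches them to the state
# and no separate "pass in" rule for ICMP errors is required.
pass out quick on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -ss` lists the state entries created while a ping or traceroute is running.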
