From owner-freebsd-pf@FreeBSD.ORG Tue Feb 22 16:40:25 2005
Date: Tue, 22 Feb 2005 19:40:00 +0300
From: Odhiambo Washington <wash@wananchi.com>
To: pf@FreeBSD.org
Message-ID: <20050222164000.GA35111@ns2.wananchi.com>
References: <20050222124942.GG52536@ns2.wananchi.com> <421B334F.8080008@raxion.net> <20050222135804.GL52536@ns2.wananchi.com> <1242093159.20050222172933@hexren.net>
In-Reply-To: <1242093159.20050222172933@hexren.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine alone!
X-Mailer: Mutt 1.5.6i (2004-02-01)
X-Designation: Systems Administrator, Wananchi Online Ltd.
X-Location: Nairobi, KE, East Africa.
User-Agent: Mutt/1.5.6i
Subject: Re: Stumped with pf.conf
List-Id: Technical discussion and general questions about packet filter (pf)
X-List-Received-Date: Tue, 22 Feb 2005 16:40:25 -0000

* Hexren [20050222 19:30]: wrote:
> OW> * Kay Abendroth [20050222 16:28]: wrote:
> >> Odhiambo Washington wrote:
> >> >I am a newbie to PF, running on FreeBSD 5.3-STABLE.
> >> >I would like some critique of the following pf.conf, which I am using,
> >> >but which appears to have a loophole! Some folks are accessing my port
> >> >8080, which I am thinking I have only opened to 62.8.64.0/19.
> >> [...]
> >>
> >> How do you know some are accessing? The only thing you actually log is
> >> the traffic blocked by this rule:
> >>
> >> block in log quick on $ext_if inet proto tcp from any to any flags S/SAFR
>
> OW> Hi Kay,
>
> OW> I have an application running on port 8080 of this box. That
> OW> application logs the IPs of machines accessing it, and I can see a
> OW> foreign IP accessing that service.
>
> OW> What I meant to say is that "the filter is NOT working as expected by
> OW> blocking access to disallowed hosts".
>
> OW> If you'd like to test accessing the box on that port, go ahead and
> OW> set your proxy settings to 62.8.64.13:8080 and try going to badboys.com
>
> ---------------------------------------------
>
> Looking over it I can't see any obvious mistakes.
> Have you enabled pf (e.g. done "pfctl -e")?

Yes!

> And can you provide the output of "pfctl -sr".

Gives no output.

> A good way to narrow your problem down would be to log all rules that
> pass and see which one lets outside connections in.

I am gonna try that!

Best regards,
Odhiambo Washington
Systems Admin, Wananchi Online Ltd.
Are you hosting your domain name with the leaders??: See http://webhosting.info/webhosts/tophosts/Country/KE
DISCLAIMER : http://ns2.wananchi.com/~wash/Email/disclaimer.txt

----------------------------------+-----------------------------------------
Odhiambo WASHINGTON               . WANANCHI ONLINE LTD (Nairobi, KE)
http://www.wananchi.com/email/    . 1ere Etage, Loita Hse, Loita St.,
Mobile: (+254) 722 743 223        . # 10286, 00100 NAIROBI
----------------------------------+-----------------------------------------
L'Argent ne fait pas le bonheur! - Pepe Kalle (Ya Mpanya)
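As an added example (not part of the thread), a small POSIX sh helper that applies the two checks raised above to the text `pfctl -sr` prints: whether a ruleset is loaded at all (the empty output reported here means pf is passing everything), and which pass rules lack `log`. The rulesets embedded below are constructed, since the poster's pf.conf is elided; `em0` stands in for `$ext_if`.

```shell
#!/bin/sh
# Added example, not from the thread. Two checks over the text that
# "pfctl -sr" prints, driven here by constructed rulesets so it runs
# anywhere; on the firewall itself you would feed it "$(pfctl -sr)".

# Constructed: what the poster reports, nothing printed by "pfctl -sr".
# With no ruleset loaded pf's default is to pass every packet, so the
# port 8080 service is reachable from anywhere even though pf is enabled.
EMPTY_RULES=''

# Constructed, hypothetical ruleset in the shape the thread describes
# (the real pf.conf is elided there); em0 stands in for $ext_if.
SAMPLE_RULES='block in log quick on em0 inet proto tcp from any to any flags S/SAFR
pass in on em0 inet proto tcp from 62.8.64.0/19 to any port = 8080 flags S/SA keep state
pass in on em0 inet proto tcp from any to any port = 22 flags S/SA keep state
pass out on em0 inet proto tcp from any to any flags S/SA keep state'

# Succeeds when at least one rule is loaded; fails on an empty ruleset.
ruleset_loaded() {
    printf '%s\n' "$1" | grep -q '[^[:space:]]'
}

# One-line verdict for an empty ruleset versus a loaded one.
diagnose() {
    if ruleset_loaded "$1"; then
        echo "ruleset loaded: now find the pass rule admitting the foreign host"
    else
        echo "no rules loaded: pf passes everything; load them with pfctl -f /etc/pf.conf"
    fi
}

# Pass rules without the "log" keyword. Kay's point: only the block rule
# logs, so pflog cannot show which rule admitted the connection.
# Adding "log" to these is the step Hexren proposes.
unlogged_pass_rules() {
    printf '%s\n' "$1" | grep '^pass' | grep -v ' log '
}

# Inbound pass rules to a port whose source is not the expected network.
# Usage: broad_pass_to_port 8080 62.8.64.0/19 "$RULES"
broad_pass_to_port() {
    printf '%s\n' "$3" | grep '^pass in' | grep "port = $1" | grep -v "from $2 "
}

diagnose "$EMPTY_RULES"
diagnose "$SAMPLE_RULES"
```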