Date: Tue, 22 Feb 2005 18:04:02 +0100
From: Hexren <me@hexren.net>
To: Odhiambo Washington <wash@wananchi.com>
Cc: pf@FreeBSD.org
Subject: Re[2]: Stumped with pf.conf
Message-ID: <764162355.20050222180402@hexren.net>
In-Reply-To: <20050222165221.GC35111@ns2.wananchi.com>
References: <20050222124942.GG52536@ns2.wananchi.com> <20050222135804.GL52536@ns2.wananchi.com> <1242093159.20050222172933@hexren.net> <73064646.20050222174545@hexren.net> <20050222165221.GC35111@ns2.wananchi.com>
OW> * Hexren <me@hexren.net> [20050222 19:46]: wrote:
>> OW> * Hexren <me@hexren.net> [20050222 19:30]: wrote:
>> >> OW> * Kay Abendroth <kay.abendroth@raxion.net> [20050222 16:28]: wrote:
>> >> >> Odhiambo Washington wrote:
>> >> >> >I am a newbie to PF, running on FreeBSD 5.3-STABLE.
>> >> >> >I would like some critique of the following pf.conf, which I am using,
>> >> >> >but which appears to have a loophole! Some folks are accessing my port
>> >> >> >8080, which I am thinking I have only opened to 62.8.64.0/19.
>> >> >> [...]
>> >> >>
>> >> >> How do you know some are accessing? The only thing you actually log is
>> >> >> the traffic blocked by this rule:
>> >> >>
>> >> >> block in log quick on $ext_if inet proto tcp from any to any flags S/SAFR
>> >>
>> >> OW> Hi Kay,
>> >>
>> >> OW> I have an application running on port 8080 of this box. That
>> >> OW> application logs the IPs of machines accessing it, and I can see a
>> >> OW> foreign IP accessing that service.
>> >>
>> >> OW> What I meant to say is that "the filter is NOT working as expected by
>> >> OW> blocking access to disallowed hosts".
>> >>
>> >> OW> If you'd like to test accessing the box on that port, go ahead and
>> >> OW> set your proxy settings to 62.8.64.13:8080 and try going to badboys.com
>> >>
>> >> ---------------------------------------------
>> >>
>> >> Looking over it I can't see any obvious mistakes.
>> >> Have you enabled pf (e.g. done "pfctl -e")?
>>
>> OW> Yes!
>>
>> >> And can you provide the output of "pfctl -sr"?
>>
>> OW> Gives no output.
>>
>> >> A good way to narrow your problem down would be to log all rules that
>> >> pass and see which one lets outside connections in.
>>
>> OW> I am gonna try that!
>>
>> ---------------------------------------------
>>
>> Then please show "pfctl -sa"

OW> FILTER RULES:
OW> INFO:
OW> Status: Enabled for 0 days 00:08:31           Debug: Urgent
OW> Hostid: 0x13453171
OW>
OW> State Table                          Total             Rate
OW>   current entries                        0
OW>   searches                          105399          206.3/s
OW>   inserts                                0            0.0/s
OW>   removals                               0            0.0/s
OW> Counters
OW>   match                             105399          206.3/s
OW>   bad-offset                             0            0.0/s
OW>   fragment                               0            0.0/s
OW>   short                                  0            0.0/s
OW>   normalize                              0            0.0/s
OW>   memory                                 0            0.0/s
OW> TIMEOUTS:
OW>   tcp.first                   120s
OW>   tcp.opening                  30s
OW>   tcp.established           86400s
OW>   tcp.closing                 900s
OW>   tcp.finwait                  45s
OW>   tcp.closed                   90s
OW>   udp.first                    60s
OW>   udp.single                   30s
OW>   udp.multiple                 60s
OW>   icmp.first                   20s
OW>   icmp.error                   10s
OW>   other.first                  60s
OW>   other.single                 30s
OW>   other.multiple               60s
OW>   frag                         30s
OW>   interval                     10s
OW>   adaptive.start                0 states
OW>   adaptive.end                  0 states
OW>   src.track                     0s
OW> LIMITS:
OW>   states        hard limit    10000
OW>   src-nodes     hard limit        0
OW>   frags         hard limit     5000

>> "pfctl -sr" should output all active rules. Having no output implies
>> that you have no rules, imho. Please describe the procedure you
>> used to install your ruleset into pf.

OW> I created the file, /etc/pf.conf, checked it to be sure that at least
OW> I was understanding what I have written, then I did:

OW> pfctl -e

OW> Isn't that the way? ;)

---------------------------------------------

Indeed it is not ;) Try "pfctl -f /etc/pf.conf"; that should load the
configuration from /etc/pf.conf.

Have you read the pf man pages? You should :)

Hexren
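The loading step Hexren points to, as an added example that is not part of the thread: a small sh script that syntax-checks and installs /etc/pf.conf, enables pf, and refuses to report success while "pfctl -sr" shows no rules or "pfctl -si" does not say "Status: Enabled" (the state Odhiambo was in: pf enabled, no ruleset loaded, so every packet passes). It assumes a FreeBSD host with pfctl; the PF_APPLY and PF_CONF variable names and the sample "pfctl -sr" output are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a FreeBSD host with pfctl;
# PF_APPLY and PF_CONF are names chosen here, not pfctl options.
set -eu

# Constructed sample of what "pfctl -sr" prints once a ruleset is loaded
# (interface name and rules are made up for this example).
SAMPLE_SR_OUTPUT='block drop in log quick on fxp0 inet proto tcp from any to any flags S/SAFR
pass in quick on fxp0 inet proto tcp from 62.8.64.0/19 to any port = 8080 flags S/SA keep state'

# Exit 0 when "$1" (pfctl -sr output) contains at least one filter rule.
# An empty ruleset means pf may be enabled, yet it passes every packet.
ruleset_nonempty() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*(pass|block|match|anchor|scrub)'
}

# Print the number of filter rules found in "$1" (pfctl -sr output).
count_rules() {
    printf '%s\n' "$1" | grep -Ec '^[[:space:]]*(pass|block|match|anchor|scrub)' || true
}

# Exit 0 when "$1" (pfctl -si output) reports pf as enabled.
pf_enabled() {
    printf '%s\n' "$1" | grep -q '^Status: Enabled'
}

# Syntax-check, install and enable the ruleset, then verify both steps.
# "pfctl -e" only flips the switch; "pfctl -f" is what installs the rules.
pf_load_and_verify() {
    conf="$1"
    pfctl -nf "$conf"               # parse only; stops here on a syntax error
    pfctl -f "$conf"                # install the filter rules from the file
    pfctl -e 2>/dev/null || true    # "pf already enabled" is not a failure here
    pf_enabled "$(pfctl -si)" || { echo "pf: not enabled" >&2; return 1; }
    rules=$(pfctl -sr)
    if ruleset_nonempty "$rules"; then
        echo "pf: $(count_rules "$rules") filter rule(s) active"
    else
        echo "pf: enabled but no filter rules loaded, all traffic passes" >&2
        return 1
    fi
}

# Only touch the live firewall when explicitly asked for (PF_APPLY=1).
if [ "${PF_APPLY:-0}" = "1" ]; then
    pf_load_and_verify "${PF_CONF:-/etc/pf.conf}"
fi
```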