Date: Thu, 16 Nov 2006 23:00:57 +0200
From: Andrei Kolu <antik@bsd.ee>
To: freebsd-pf@freebsd.org
Subject: Re: problems connecting samba shares
Message-ID: <200611162300.58310.antik@bsd.ee>
In-Reply-To: <200611162055.48636.antik@bsd.ee>
References: <00b201c709ad$b1b96d20$c806a8c0@lfarr> <200611162055.48636.antik@bsd.ee>
On Thursday 16 November 2006 20:55, Andrei Kolu wrote:
> On Thursday 16 November 2006 20:33, Lawrence Farr wrote:
> > > /etc/pf.conf:
> > > pass in on rl0 proto udp from any to (rl0) port 137 keep state
> > >
> > > # tcpdump -n -e -ttt -i pflog0:
> > > rule 0/0(match): block in on rl0: 192.168.2.100.137 >
> > > 192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE;
> > > RESPONSE; UNICAST
> >
> > Because that came FROM port 137 not TO port 137.
>
> Oops, I thought it wants to connect back to my port 137 - silly me. Then I
> have to open all ports that are higher than 1024?
>
> This line is correct?
>
> pass in proto {tcp,udp} from any to any port 1024:65535 keep state

OK, I'll answer this question myself.

# Ports from 49152 to 65535 are known as Dynamic or Private Ports.
# Ports between 1024 and 29151 are known as the Registered Ports.
# Basically, programs are supposed to register their use of these
# ports and thereby try to be careful and avoid stomping on each other.

Sorry, not ports from 1024 and up but starting from 49152 and up.

set skip on lo0
set block-policy return
set loginterface rl0
scrub in all
block in log
antispoof quick for lo0 inet
block in from no-route to any
pass out keep state
table <blacklist> persist file "/etc/blacklist"
pass inet proto icmp from any to any
pass in proto {tcp,udp} from any to any port 49152:65535 keep state
pass in quick on rl0 proto udp from any to (rl0) port 137 keep state
pass in quick on rl0 proto udp from any to (rl0) port 138 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 22 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 445 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 137 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 139 keep state
block on rl0 from <blacklist> to any
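To make the mechanics behind Lawrence's point concrete (the reply came FROM 137, so a rule matching TO 137 never sees it, and a state entry from the outbound query is what lets it back in), here is an added example in Python; it is not code from the thread or from pf itself. It models pf's rule evaluation and state table on the packets from the pflog line above; the broadcast query and the 203.0.113.5 probe are constructed, and the model assumes a reply only matches a state entry whose addresses match exactly, so a unicast reply to a broadcast query finds none.

```python
# Added example, not code from the thread or from pf: a toy model of pf's
# last-match-wins evaluation ("quick" stops early) and its state table, fed
# the packets from the pflog line. Rules are a hand-encoded subset of the
# message's ruleset, not parsed pf.conf; the broadcast case is constructed.
from collections import namedtuple

Pkt = namedtuple("Pkt", "direction proto src sport dst dport")
# direction/proto None match anything; dport is a range of destination ports
Rule = namedtuple("Rule", "action direction proto dport quick keep_state",
                  defaults=(None, None, None, False, False))
def matches(r, p):
    return (r.direction in (None, p.direction) and r.proto in (None, p.proto)
            and (r.dport is None or p.dport in r.dport))

class ToyPf:
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def filter(self, p):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        back = (p.proto, p.dst, p.dport, p.src, p.sport)  # a reply's key
        if key in self.states or back in self.states:
            return "pass (state)"  # state entries bypass the rule list
        winner = None
        for r in self.rules:  # last matching rule wins unless it is quick
            if matches(r, p):
                winner = r
                if r.quick:
                    break
        if winner is None or winner.action == "block":
            return "block"
        if winner.keep_state:
            self.states.add(key)
        return "pass"

# block in / pass out keep state / pass in quick ... udp ... port 137 keep state
BASE = [Rule("block", "in"), Rule("pass", "out", keep_state=True),
        Rule("pass", "in", "udp", range(137, 138), quick=True, keep_state=True)]
# plus the rule the message settled on: pass in ... port 49152:65535 keep state
EPHEMERAL = BASE + [Rule("pass", "in", None, range(49152, 65536), keep_state=True)]

QUERY = Pkt("out", "udp", "192.168.2.101", 53259, "192.168.2.100", 137)
BCAST = Pkt("out", "udp", "192.168.2.101", 53259, "192.168.2.255", 137)
REPLY = Pkt("in", "udp", "192.168.2.100", 137, "192.168.2.101", 53259)  # pflog

def reply_after(query, rules=BASE):
    pf = ToyPf(rules)
    if query is not None:
        pf.filter(query)  # may create state for the reply to match
    return pf.filter(REPLY)
```

With BASE the reply is blocked unless a unicast query created state first; the 49152:65535 rule passes it regardless, but it also passes any unsolicited packet to those ports from any source.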
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611162300.58310.antik>