Date: Mon, 10 Mar 2014 14:56:51 -0400
From: Jason Hellenthal <jhellenthal@dataix.net>
To: Ermal Luçi <eri@freebsd.org>
Cc: Joe Nosay <superbisquit@gmail.com>, John-Mark Gurney <jmg@funkthat.com>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: Using pf.conf with public access points.
Message-ID: <71CCF277-8BF7-4C3B-9F9E-2095EA4CC060@dataix.net>
In-Reply-To: <CAPBZQG3jzWnLk_Ea-VwkpTg2wHCF21M4faKzsYfVDAy9SAw3mg@mail.gmail.com>
References: <CA%2BWntOsQG-OeF8AmiftKt6-7upXTN7Pnv4ogZJmt6kjZ0GsZAA@mail.gmail.com> <20140309231829.GG32089@funkthat.com> <9C40270E-18E0-4993-B7C5-BD8B5A24C95D@dataix.net> <CAPBZQG3jzWnLk_Ea-VwkpTg2wHCF21M4faKzsYfVDAy9SAw3mg@mail.gmail.com>
[-- Attachment #1 --]
I nearly forgot all about that feature, thank you for the reminder.

--
 Jason Hellenthal
 Voice: 95.30.17.6/616
 JJH48-ARIN

> On Mar 10, 2014, at 10:20, Ermal Luçi <eri@freebsd.org> wrote:
>
> Usually pf(4) does support having dynamic IPs inside its ruleset.
> For example just putting the interface name as address or putting $iface:0 for first address etc...
>
> Take a look at the man page of pf.conf and search for the string 'Interface names and interface group names can'
>
>
>> On Sun, Mar 9, 2014 at 11:27 PM, Jason Hellenthal <jhellenthal@dataix.net> wrote:
>> You'll want to not use up addresses in your pf.conf
>>
>> Block on default and then open up by definition of ports instead. Forget the whole IPAddr thing and treat this as a roaming client firewall.
>>
>>
>> --
>>  Jason Hellenthal
>>  Voice: 95.30.17.6/616
>>  JJH48-ARIN
>>
>> > On Mar 9, 2014, at 19:18, John-Mark Gurney <jmg@funkthat.com> wrote:
>> >
>> > Joe Nosay wrote this message on Sun, Mar 09, 2014 at 15:36 -0400:
>> >> 2. How do I compensate for the use of public access points when the IP
>> >> addresses will always be different?
>> >
>> > it doesn't appear that pf has this ability, but it looks like ipfw
>> > has this, from ipfw(8):
>> >     me      matches any IP address configured on an interface in the
>> >             system.
>> >
>> > So, maybe switching to ipfw might be an option..
>> >
>> > --
>> >  John-Mark Gurney                Voice: +1 415 225 5579
>> >
>> >     "All that I will do, has been done, All that I have, has not."
>> > _______________________________________________
>> > freebsd-net@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>
>
> --
> Ermal
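
The two suggestions in this thread (block by default and open by port, and let pf track the interface's current address) combined in one pf.conf, as an added example that is not part of the original messages. The interface name wlan0, the port lists and the 192.0.2.10 address are assumptions chosen for illustration.

```pf
# Constructed example for a roaming client; not from the thread.
# Assumptions: wireless interface is wlan0, port lists are illustrative.
ext_if  = "wlan0"
tcp_out = "{ 22, 53, 80, 443 }"
udp_out = "{ 53, 123 }"

set skip on lo0
set block-policy drop

# Default deny in both directions; nothing listens for the access point's
# other clients.
block all

# Static form, shown commented out for comparison. The address is resolved
# once at load time, so the rule stops matching as soon as the next access
# point hands out a different lease.
# pass out on $ext_if inet proto tcp from 192.0.2.10 to any port $tcp_out

# Dynamic form. Parentheses around the interface name make pf update the
# rule whenever the interface address changes; the :0 modifier excludes
# interface aliases.
pass out on $ext_if inet proto tcp  from ($ext_if:0) to any port $tcp_out
pass out on $ext_if inet proto udp  from ($ext_if:0) to any port $udp_out
pass out on $ext_if inet proto icmp from ($ext_if:0) to any icmp-type echoreq

# DHCP happens before the interface has an address, so these two rules
# cannot be written in terms of ($ext_if).
pass out on $ext_if inet proto udp from any port 68 to any port 67
pass in  on $ext_if inet proto udp from any port 67 to any port 68
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` after a load shows the address pf currently has for each parenthesised interface.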
