Date: Thu, 21 Oct 2004 22:49:14 +0200
From: Matteo Riondato <rionda@gufi.org>
To: freebsd-pf@freebsd.org
Subject: Re: Another problem with pf..
Message-ID: <1098391754.909.16.camel@kaiser.sig11.org>
In-Reply-To: <643946323.20041021211340@andric.com>
References: <1098383388.909.3.camel@kaiser.sig11.org> <643946323.20041021211340@andric.com>

On Thu, 2004-10-21 at 21:13, Dimitry Andric wrote:
> On 2004-10-21 at 20:29:48 Matteo Riondato wrote:
>
> > pf_enable="YES"
> > pf_rules="/etc/pf.conf"
>
> The last line is not really needed, as it is the default anyway (see
> /etc/defaults/rc.conf).

With or without that line, the situation does not change.

> pfctl -n -v -f /etc/pf.conf

kaiser# pfctl -n -v -f /etc/pf.conf
ext_if = "tun0"
wifi_if = "rl0"
eth_if = "fxp1"
wifi_net = "192.168.1.0/27"
eth_net = "192.168.0.0/29"
tcp_services = "{ 22, 80, 25, 4660 >< 4683, 6890 >< 6901 }"
icmp_types = "{ 0, 3, 8, 11 }"
scrub in all fragment reassemble
block drop all
pass quick on lo0 all
block drop in log quick on ! rl0 inet from 192.168.1.0/24 to any
block drop in log quick inet from 192.168.1.1 to any
block drop in quick on ! fxp1 inet from 192.168.0.0/24 to any
block drop in quick inet from 192.168.0.1 to any
pass in on tun0 inet proto tcp from any to 82.52.115.76 port = ssh flags S/SA keep state
pass in on tun0 inet proto tcp from any to 82.52.115.76 port = http flags S/SA keep state
pass in on tun0 inet proto tcp from any to 82.52.115.76 port = smtp flags S/SA keep state
pass in on tun0 inet proto tcp from any to 82.52.115.76 port 4660 >< 4683 flags S/SA keep state
pass in on tun0 inet proto tcp from any to 82.52.115.76 port 6890 >< 6901 flags S/SA keep state
pass inet proto icmp all icmp-type echorep
pass inet proto icmp all icmp-type unreach
pass inet proto icmp all icmp-type echoreq
pass inet proto icmp all icmp-type timex
pass in on rl0 inet from 192.168.1.0/27 to any keep state
pass out on rl0 inet from any to 192.168.1.0/27 keep state
pass in on fxp1 inet from 192.168.0.0/29 to any keep state
pass out on fxp1 inet from any to 192.168.0.0/29 keep state
pass in on rl0 inet from 192.168.1.200 to 192.168.1.1 keep state
pass out on rl0 inet from 192.168.1.1 to 192.168.1.200 keep state
pass out on tun0 proto tcp all flags S/SA modulate state
pass out on tun0 proto udp all keep state
pass out on tun0 proto icmp all keep state
kaiser#

--
Rionda aka Matteo Riondato
GUFI Staff Member (http://www.gufi.org)
FreeSBIE Developer (http://www.freesbie.org)
BSD-FAQ-it Main Developer (http://utenti.gufi.org/~rionda)

Sent from: kaiser.sig11.org running FreeBSD-6.0-CURRENT