Date: Tue, 11 Sep 2007 21:38:41 +1000
From: jonathan michaels <jlm@caamora.com.au>
To: Kian Mohageri <kian.mohageri@gmail.com>
Cc: freebsd pf <freebsd-pf@freebsd.org>
Subject: Re: pf, ping and traceroute
Message-ID: <20070911213841.01986@caamora.com.au>
In-Reply-To: <fee88ee40709110207m456e2adbi96a3d3378548495@mail.gmail.com>; from Kian Mohageri on Tue, Sep 11, 2007 at 02:07:45AM -0700
References: <20070911133959.25090@caamora.com.au> <fee88ee40709110207m456e2adbi96a3d3378548495@mail.gmail.com>

On Tue, Sep 11, 2007 at 02:07:45AM -0700, Kian Mohageri wrote:
> On 9/10/07, jonathan michaels <jon@caamora.com.au> wrote:
> >
> > i get that it is part of the functionality to stop outside stuff
> > garbage bad people from getting to the inside but how do i make a
> > "hole" in the 'firewall' for ping/traceroute without opening up the
> > firewall to let the same (ping/traceroute/etc) stuff come in from the
> > outside ????
> >
>
> PF was developed by OpenBSD, so their documentation is mostly
> authoritative. Keep in mind the PF found in FreeBSD is slightly
> different -- it isn't as new, for the most part (much of that changed
> recently thanks to Max Laier).
>
> Anyway, have you read the OpenBSD documentation?

yes, but,

> http://www.openbsd.org/faq/pf/

yes, kian, my basic problem is that english is not my first language
and i still have difficulty understanding the way that the document is
written.

> Focus on understanding how the directions work (e.g. pass in vs. pass
> out) and also 'keep state.' Understanding states is critical... have
> you figured out how those work yet?

i think that i have .. but, i have a way to go yet i think. learning
for me is a hard process of reading and reading and reading until i
understand it and i can get it past the damaged bits of my brain.
sorry, i don't have any other way of explaining what is going on.

> Are you filtering on a router? Switch? Server?

pentium 133 mhz that is running freebsd v6.2 and i am using the
included version pf. so i suppose that it is a server, yes ??

my internet connection is via a v.90 dialup modem that provides me a
permanent connected ppp style connection/account (been using some 10
plus years).

ext_if=ppp0 = this is the modem, on serial (comm0/cuad0 ) port 1
int_if=de0 = nic, accton en1203 21040 (a digital 10 mhz clone)

this is all that there is, so i suppose its a simple router ??

i am thinking of using pf to defend all the internal machines from
stuff that makes it through the firewall, is this possible (there
seems to be nothing, that i have been able to find/understand in the
doc or via google) ?? this means that i am looking at using ipfw as a
secondary firewall, or just as a filter kind of thing to keep out the
stuff that is making it through the firewall.

> -Kian

-- 
================================================================
powered by .. QNX, OS9 and freeBSD -- http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====
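
The direction and 'keep state' idea discussed in the message above, as an added pf.conf example that is not part of the original e-mail or the thread. It uses the ppp0/de0 interface names given in the message; the UDP port range for traceroute probes and the explicit `keep state` keywords (written out because older pf versions do not create state by default) are assumptions, and NAT and all other services are left out.

```pf
# Constructed example ruleset, not taken from the thread.
# Interface names are the ones given in the message.
ext_if = "ppp0"    # dial-up PPP link to the Internet
int_if = "de0"     # internal Ethernet NIC (not filtered in this sketch)

# pf evaluates rules top to bottom and the LAST matching rule wins,
# so the general block comes first and the exceptions follow it.

# Drop everything that arrives from the Internet on the outside interface.
# This is what keeps outside hosts from pinging or tracerouting inwards.
block in on $ext_if all

# Outbound ping: let echo requests leave and create a state entry.
# The matching echo reply is accepted because it belongs to that state,
# not because of any "pass in" rule.
pass out on $ext_if inet proto icmp all icmp-type echoreq keep state

# Outbound traceroute (UDP probes). Assumption: probes use the default
# destination ports just above 33433. ICMP time-exceeded and
# port-unreachable errors that answer a probe are matched against the
# probe's state entry and let back in.
pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state

# The rule below is the one NOT to add. It opens the reverse direction
# and lets anyone outside ping this machine:
#
#   pass in on $ext_if inet proto icmp all icmp-type echoreq keep state
#
# Other outbound services (DNS, HTTP, mail, ...) need their own
# "pass out ... keep state" rules; without state their replies are
# dropped by the "block in" rule above.
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s state` lists the state entries created while a ping or traceroute is running.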