Date: Thu, 7 Jan 2010 13:38:50 -0800 (PST)
From: Dino Vliet <dino_vliet@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: pf headaches: why won't it let me fetch from ftp servers?
Message-ID: <452042.31871.qm@web51102.mail.re2.yahoo.com>

Dear freebsd list,

I have the following pf.conf file:

tcp_services = "{ ftp, ssh, domain, www, auth, https }"
udp_services = "{ ftp, domain, ntp }"
icmp_types = "echoreq"
block all
pass inet proto icmp all icmp-type $icmp_types keep state
#pass in proto tcp to any port 22 keep state
pass out proto tcp to any port $tcp_services keep state
#pass out proto tcp to any port 25 keep state
#pass out proto tcp to any port 465 keep state
#pass out proto tcp to any port 587 keep state
pass out proto tcp to any port 5999 keep state
#pass out all keep state
#pass out proto tcp to any keep state
pass out proto udp to any port $udp_services

However, if I try to fetch a file from a ftp server as in the following example:

fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/bash/FAQ

I get the result: Operation not permitted

My first question is: What is causing this? If I stop pf, then I'm able to fetch it.

My second question is: Is my ruleset looking fine, as I want to block everything and only let some specific services go out. Or need it be tightened more?

Brgds
Dino
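
Added example, not part of the original message: a small Python model of the posted ruleset under pf's last-matching-rule evaluation. It shows that the FTP control connection to port 21 is passed, while the separate FTP data connection, which uses a port outside $tcp_services, falls through to "block all". The rule table, the sample data port 50123 and the function names are constructed for illustration; only the first packet of each new connection is modeled, and the ICMP type match is not.

```python
# Constructed model of the posted pf.conf; service names resolved as in /etc/services.
PORTS = {"ftp": 21, "ssh": 22, "domain": 53, "www": 80,
         "auth": 113, "https": 443, "ntp": 123}
TCP_SERVICES = {PORTS[n] for n in ("ftp", "ssh", "domain", "www", "auth", "https")}
UDP_SERVICES = {PORTS[n] for n in ("ftp", "domain", "ntp")}

# (action, direction, protocol, destination ports); None means "any".
RULES = [
    ("block", None, None, None),            # block all
    ("pass", None, "icmp", None),           # pass inet proto icmp all ...
    ("pass", "out", "tcp", TCP_SERVICES),   # pass out proto tcp to any port $tcp_services
    ("pass", "out", "tcp", {5999}),         # pass out proto tcp to any port 5999
    ("pass", "out", "udp", UDP_SERVICES),   # pass out proto udp to any port $udp_services
]


def evaluate(direction, proto, dport):
    """Verdict for the first packet of a new connection.

    Without 'quick', pf applies the last rule that matches.
    """
    verdict = "pass"  # pf's implicit default when no rule matches
    for action, r_dir, r_proto, r_ports in RULES:
        if r_dir not in (None, direction):
            continue
        if r_proto not in (None, proto):
            continue
        if r_ports is not None and dport not in r_ports:
            continue
        verdict = action
    return verdict


def ftp_transfer(data_port):
    """Verdicts for the connections a single FTP download needs."""
    return {
        # client -> server port 21, covered by $tcp_services
        "control": evaluate("out", "tcp", PORTS["ftp"]),
        # passive mode: client -> ephemeral port chosen by the server
        "passive_data": evaluate("out", "tcp", data_port),
        # active mode: server -> ephemeral port chosen by the client
        "active_data": evaluate("in", "tcp", data_port),
    }


if __name__ == "__main__":
    print(ftp_transfer(50123))  # 50123 is a constructed ephemeral port
```

The "keep state" entry created for the control connection does not cover the data connection, because that is a new TCP connection on a different port.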