Date:      Fri, 22 Jan 2010 11:32:51 +0300
From:      S4mmael <s4mmael@gmail.com>
To:        kalin m <kalin@el.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: pf rules
Message-ID:  <6e38aed81001220032p2f4948bftede7862e1d7c7cf7@mail.gmail.com>
In-Reply-To: <4B5958E2.9010509@el.net>
References:  <4B5958E2.9010509@el.net>

If I guess your idea right, you should specify direction like this:
pass in proto udp to any port $udp

"pass proto udp to any port $udp" passes traffic in any direction
(ingoing and outgoing).

2010/1/22 kalin m <kalin@el.net>:
>
>
> hi all...
>
> doing testing with pf...
>
> how is it possible that if i have these rules below in pf.conf if i do:
> telnet that.host.org 25
>
> i get:
> Trying xx.xx.xx.xx...
> Connected to that.host.org.
> Escape character is '^]'.
> ........... etc .......
>
>
> pf.conf contents:
>
> tcp_in = "{ www, https }"
> ftp_in = "{ ftp }"
> udp = "{ domain, ntp }"
> ping = "echoreq"
>
> set skip on lo
> scrub in
>
> antispoof for eth0 inet
>
> block in all
> pass out all keep state
> pass proto udp to any port $udp
> pass inet proto icmp all icmp-type $ping keep state
> pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
> pass proto tcp to any port ssh
>
>
>
> thanks....
>
>
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
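The point of the reply (a filter rule without `in` or `out` matches packets in both directions, and pf picks the last matching rule unless one says `quick`) can be checked without a FreeBSD box by modelling the ruleset quoted above. The following Python script is an added example, not code from the original post or from pf itself: it parses only the subset of pf.conf syntax used on this page (macros, `block`/`pass`, `in`/`out`, `quick`, `inet`, `proto`, `all` / `to any port`), ignores `keep state` and `synproxy` (so it evaluates only the first packet of a flow), and uses a small constructed service-name table in place of /etc/services. It reports which rule decided each packet, with the quoted rule and with the `pass in` version suggested in the reply.

```python
"""Toy model of pf rule evaluation for the ruleset quoted in the thread.

Added example, not pf's own code: only the syntax subset on the page is
parsed, and state tracking (keep state, synproxy) is not modelled.
"""
import re

# Constructed subset of /etc/services covering the names used on the page.
SERVICES = {"www": 80, "https": 443, "ftp": 21, "domain": 53,
            "ntp": 123, "ssh": 22, "smtp": 25}

# The pf.conf quoted in the original post.
PF_CONF = """\
tcp_in = "{ www, https }"
ftp_in = "{ ftp }"
udp = "{ domain, ntp }"
ping = "echoreq"

set skip on lo
scrub in

antispoof for eth0 inet

block in all
pass out all keep state
pass proto udp to any port $udp
pass inet proto icmp all icmp-type $ping keep state
pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
pass proto tcp to any port ssh
"""

# Same ruleset with the direction added to the udp rule, as the reply suggests.
FIXED_CONF = PF_CONF.replace("pass proto udp to any port $udp",
                             "pass in proto udp to any port $udp")


def expand_macros(line, macros):
    for name, value in macros.items():
        line = line.replace("$" + name, value)
    return line


def parse_ports(spec):
    """'{ www, https }' or 'ssh' or '25' -> set of port numbers."""
    names = re.findall(r"[\w-]+", spec)
    return {SERVICES[n] if n in SERVICES else int(n) for n in names}


def parse_rules(conf):
    """Return filter rules in file order; set/scrub/antispoof are skipped."""
    macros, rules = {}, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'(\w+)\s*=\s*"(.*)"', line)
        if m:                                  # macro definition
            macros[m.group(1)] = m.group(2)
            continue
        words = expand_macros(line, macros).split()
        if words[0] not in ("pass", "block"):
            continue
        rule = {"action": words[0], "dir": None, "quick": False,
                "proto": None, "ports": None, "text": line}
        i = 1
        if i < len(words) and words[i] in ("in", "out"):
            rule["dir"] = words[i]; i += 1
        if i < len(words) and words[i] == "quick":
            rule["quick"] = True; i += 1
        if i < len(words) and words[i] in ("inet", "inet6"):
            i += 1                             # address family: not modelled
        if i < len(words) and words[i] == "proto":
            rule["proto"] = words[i + 1]; i += 2
        pm = re.search(r"\bport\s+(\{[^}]*\}|\S+)", " ".join(words[i:]))
        if pm:                                 # 'all' leaves ports unset
            rule["ports"] = parse_ports(pm.group(1))
        rules.append(rule)
    return rules


def matches(rule, direction, proto, dport):
    """A rule with no direction (or no proto/port) matches any value."""
    if rule["dir"] is not None and rule["dir"] != direction:
        return False
    if rule["proto"] is not None and rule["proto"] != proto:
        return False
    if rule["ports"] is not None and dport not in rule["ports"]:
        return False
    return True


def evaluate(rules, direction, proto, dport):
    """pf semantics: last matching rule wins, unless a matching rule is
    'quick'; a packet matched by no rule passes. Returns (action, rule)."""
    verdict = ("pass", "default")
    for rule in rules:
        if matches(rule, direction, proto, dport):
            verdict = (rule["action"], rule["text"])
            if rule["quick"]:
                break
    return verdict


PACKETS = [("in", "tcp", 25), ("out", "tcp", 25), ("in", "udp", 53),
           ("out", "udp", 53), ("in", "tcp", 22), ("in", "tcp", 21)]

if __name__ == "__main__":
    for label, conf in (("quoted", PF_CONF), ("pass in", FIXED_CONF)):
        rules = parse_rules(conf)
        print(f"--- {label} ruleset ---")
        for pkt in PACKETS:
            action, rule = evaluate(rules, *pkt)
            print(f"{pkt[0]:>3} {pkt[1]} dport {pkt[2]:<4} -> {action:5} by: {rule}")
```

Running it shows that with the quoted ruleset the outbound UDP packet to port 53 is decided by `pass proto udp to any port $udp` (the direction-less rule is the last match in both directions), whereas with `pass in` it is decided by `pass out all keep state`; the outbound TCP connection to port 25 from the question is decided by `pass out all keep state` in either version, and an inbound SYN to port 25 is blocked by `block in all` because no later rule covers it.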
