Date: Fri, 22 Jan 2010 11:32:51 +0300 From: S4mmael <s4mmael@gmail.com> To: kalin m <kalin@el.net> Cc: freebsd-security@freebsd.org Subject: Re: pf rules Message-ID: <6e38aed81001220032p2f4948bftede7862e1d7c7cf7@mail.gmail.com> In-Reply-To: <4B5958E2.9010509@el.net> References: <4B5958E2.9010509@el.net>
next in thread | previous in thread | raw e-mail | index | archive | help
If I guess your idea right, you should specify direction like this: pass in proto udp to any port $udp "pass proto udp to any port $udp" passes traffic in any direction (ingoing and outgoing). 2010/1/22 kalin m <kalin@el.net>: > > > hi all... > > doing testing with pf... > > how is it possible that if i have these rules below in pf.conf if i do: > telnet that.host.org 25 > > i get: > Trying xx.xx.xx.xx... > Connected to that.host.org. > Escape character is '^]'. > ........... etc ....... > > > pf.conf contetns: > > tcp_in = "{ www, https }" > ftp_in = "{ ftp }" > udp = "{ domain, ntp }" > ping = "echoreq" > > set skip on lo > scrub in > > antispoof for eth0 inet > > block in all > pass out all keep state > pass proto udp to any port $udp > pass inet proto icmp all icmp-type $ping keep state > pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state > pass proto tcp to any port ssh > > > > thanks.... > > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6e38aed81001220032p2f4948bftede7862e1d7c7cf7>