Date: Fri, 22 Jan 2010 11:19:37 -0500
From: kalin m <kalin@el.net>
To: S4mmael <s4mmael@gmail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: pf rules
Message-ID: <4B59D019.7040409@el.net>
In-Reply-To: <6e38aed81001220032p2f4948bftede7862e1d7c7cf7@mail.gmail.com>
References: <4B5958E2.9010509@el.net> <6e38aed81001220032p2f4948bftede7862e1d7c7cf7@mail.gmail.com>

not sure if that would affect smtp. would it? how so?

S4mmael wrote:
> If I guess your idea right, you should specify direction like this:
> pass in proto udp to any port $udp
>
> "pass proto udp to any port $udp" passes traffic in any direction
> (ingoing and outgoing).
>
> 2010/1/22 kalin m <kalin@el.net>:
>
>> hi all...
>>
>> doing testing with pf...
>>
>> how is it possible that if i have these rules below in pf.conf if i do:
>> telnet that.host.org 25
>>
>> i get:
>> Trying xx.xx.xx.xx...
>> Connected to that.host.org.
>> Escape character is '^]'.
>> ........... etc .......
>>
>>
>> pf.conf contents:
>>
>> tcp_in = "{ www, https }"
>> ftp_in = "{ ftp }"
>> udp = "{ domain, ntp }"
>> ping = "echoreq"
>>
>> set skip on lo
>> scrub in
>>
>> antispoof for eth0 inet
>>
>> block in all
>> pass out all keep state
>> pass proto udp to any port $udp
>> pass inet proto icmp all icmp-type $ping keep state
>> pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
>> pass proto tcp to any port ssh
>>
>>
>>
>> thanks....
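
An added example, not part of the original thread: a simplified Python model of pf's last-matching-rule evaluation applied to the quoted ruleset, showing which rule decides an inbound connection to TCP port 25 and what changes when the UDP rule is given an explicit `in`. The `SERVICES` table, the function names, and the omission of `quick`, state tracking, synproxy, scrub, antispoof and ICMP types are assumptions of this model.

```python
# Added example: simplified model of pf's "last matching rule wins" evaluation.
# Assumptions: no `quick`; state, synproxy, scrub and antispoof are not modelled;
# service names are resolved through the small SERVICES table below.
SERVICES = {"www": 80, "https": 443, "ftp": 21, "domain": 53, "ntp": 123,
            "ssh": 22, "smtp": 25}

def rule(action, direction=None, proto=None, ports=None):
    """direction=None means the rule matches both inbound and outbound packets."""
    return {"action": action, "dir": direction, "proto": proto,
            "ports": {SERVICES[p] for p in ports} if ports else None}

# The filter rules from the quoted pf.conf, in order, with macros expanded.
RULESET = [
    rule("block", "in"),                           # block in all
    rule("pass", "out"),                           # pass out all keep state
    rule("pass", None, "udp", ["domain", "ntp"]),  # pass proto udp to any port $udp
    rule("pass", None, "icmp"),                    # pass inet proto icmp ... (icmp-type not modelled)
    rule("pass", "in", "tcp", ["www", "https"]),   # pass in inet proto tcp to any port $tcp_in
    rule("pass", None, "tcp", ["ssh"]),            # pass proto tcp to any port ssh
]

def evaluate(ruleset, direction, proto, dport=None):
    """Return (action, index of the deciding rule); pf passes a packet no rule matches."""
    verdict = ("pass", None)
    for i, r in enumerate(ruleset):
        if r["dir"] not in (None, direction):
            continue
        if r["proto"] not in (None, proto):
            continue
        if r["ports"] is not None and dport not in r["ports"]:
            continue
        verdict = (r["action"], i)  # no `quick`: keep scanning, the last match wins
    return verdict

def with_directional_udp(ruleset):
    """Apply the change suggested in the reply: pass in proto udp to any port $udp."""
    changed = list(ruleset)
    changed[2] = rule("pass", "in", "udp", ["domain", "ntp"])
    return changed

if __name__ == "__main__":
    packets = (("in", "tcp", 25), ("in", "udp", 53), ("out", "udp", 53), ("in", "tcp", 22))
    for name, rs in (("original", RULESET), ("pass in udp", with_directional_udp(RULESET))):
        for pkt in packets:
            print(name, pkt, evaluate(rs, *pkt))
```

In this model the only rule that matches an inbound TCP packet to port 25 is `block in all`, with or without the direction on the UDP rule; the direction only changes which rule passes outbound DNS and NTP traffic.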