Date:      Fri, 22 Jan 2010 11:19:37 -0500
From:      kalin m <kalin@el.net>
To:        S4mmael <s4mmael@gmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: pf rules
Message-ID:  <4B59D019.7040409@el.net>
In-Reply-To: <6e38aed81001220032p2f4948bftede7862e1d7c7cf7@mail.gmail.com>
References:  <4B5958E2.9010509@el.net> <6e38aed81001220032p2f4948bftede7862e1d7c7cf7@mail.gmail.com>



not sure if that would affect smtp. would it? how so?


S4mmael wrote:
> If I guess your idea right, you should specify direction like this:
> pass in proto udp to any port $udp
>
> "pass proto udp to any port $udp" passes traffic in any direction
> (incoming and outgoing).
>
> 2010/1/22 kalin m <kalin@el.net>:
>   
>> hi all...
>>
>> doing testing with pf...
>>
>> how is it possible that if i have these rules below in pf.conf if i do:
>> telnet that.host.org 25
>>
>> i get:
>> Trying xx.xx.xx.xx...
>> Connected to that.host.org.
>> Escape character is '^]'.
>> ........... etc .......
>>
>>
>> pf.conf contents:
>>
>> tcp_in = "{ www, https }"
>> ftp_in = "{ ftp }"
>> udp = "{ domain, ntp }"
>> ping = "echoreq"
>>
>> set skip on lo
>> scrub in
>>
>> antispoof for eth0 inet
>>
>> block in all
>> pass out all keep state
>> pass proto udp to any port $udp
>> pass inet proto icmp all icmp-type $ping keep state
>> pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
>> pass proto tcp to any port ssh
>>
>>
>>
>> thanks....
>>
>>
>>
>> _______________________________________________
>> freebsd-security@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>>
>>     
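The following is an added example, not code from either poster or from the pf project. It is a toy evaluator for the exact ruleset quoted above, modelling only the two pf behaviours that decide this question: the last matching rule wins (there are no `quick` rules here), and a rule written without `in` or `out` matches both directions. Everything else in the rules (`keep state`, `synproxy state`, `flags S/SAF`, the icmp-type, `scrub`, `antispoof`, `set skip`) is ignored, and the service-name-to-port table is an assumed stand-in for /etc/services. Run it and the outbound `telnet that.host.org 25` is seen to be accepted by `pass out all keep state`, while an inbound connection to port 25 still hits `block in all`; inbound UDP to port 53 is accepted because the undirected udp rule matches in both directions.

```python
"""Toy evaluator for the pf.conf ruleset from the thread (added example).

Models: last-matching-rule-wins (no 'quick'), direction defaulting to both
when 'in'/'out' is absent, matching on protocol and destination port.
Everything else in the rules is deliberately ignored.
"""
import re
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Macros exactly as defined in the quoted pf.conf.
MACROS = {
    "tcp_in": "{ www, https }",
    "ftp_in": "{ ftp }",
    "udp": "{ domain, ntp }",
    "ping": "echoreq",
}

# Assumed stand-in for the /etc/services lookup pf performs on service names.
SERVICES = {"www": 80, "https": 443, "ftp": 21, "domain": 53, "ntp": 123, "ssh": 22}

# The filter rules from the quoted pf.conf, in their original order.
RULESET = """
block in all
pass out all keep state
pass proto udp to any port $udp
pass inet proto icmp all icmp-type $ping keep state
pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
pass proto tcp to any port ssh
"""


@dataclass
class Rule:
    text: str
    action: str               # "pass" or "block"
    directions: Set[str]      # {"in"}, {"out"} or {"in", "out"}
    proto: Optional[str]      # None means any protocol
    ports: Optional[Set[int]] # None means any destination port

    def matches(self, direction: str, proto: str, dport: int) -> bool:
        return (direction in self.directions
                and (self.proto is None or self.proto == proto)
                and (self.ports is None or dport in self.ports))


def expand_macros(line: str) -> str:
    """Substitute $name with its macro value, as pfctl does at load time."""
    return re.sub(r"\$(\w+)", lambda m: MACROS[m.group(1)], line)


def parse_port_list(spec: str) -> Set[int]:
    """Turn 'ssh' or '{ domain, ntp }' into a set of numeric ports."""
    names = [n.strip() for n in spec.strip("{} ").split(",")]
    return {SERVICES[n] if n in SERVICES else int(n) for n in names}


def parse_rule(line: str) -> Rule:
    line = expand_macros(line)
    tokens = line.split()
    action = tokens[0]
    # A rule with no explicit 'in'/'out' keyword applies to both directions.
    directions = {tokens[1]} if tokens[1] in ("in", "out") else {"in", "out"}
    proto_m = re.search(r"\bproto\s+(\w+)", line)
    port_m = re.search(r"\bport\s+(\{[^}]*\}|\S+)", line)
    return Rule(text=line, action=action, directions=directions,
                proto=proto_m.group(1) if proto_m else None,
                ports=parse_port_list(port_m.group(1)) if port_m else None)


RULES = [parse_rule(l) for l in RULESET.strip().splitlines() if l.strip()]


def verdict(direction: str, proto: str, dport: int) -> Tuple[str, Optional[str]]:
    """Return (action, winning rule text) for a packet description.

    Walks every rule; without 'quick', the LAST matching rule decides.
    If nothing matches at all, pf's implicit default is to pass.
    """
    winner = None
    for rule in RULES:
        if rule.matches(direction, proto, dport):
            winner = rule
    if winner is None:
        return "pass", None
    return winner.action, winner.text


if __name__ == "__main__":
    cases = [
        ("out", "tcp", 25),   # the telnet from the pf host to that.host.org:25
        ("in", "tcp", 25),    # someone connecting to port 25 on the pf host
        ("in", "udp", 53),    # inbound DNS: undirected udp rule matches 'in' too
        ("in", "tcp", 22),    # inbound ssh
    ]
    for case in cases:
        print(case, "->", verdict(*case))
```

The evaluator reports the winning rule's text alongside the verdict, which is the same information `pfctl -s rules -v` and `tcpdump -n -e -ttt -i pflog0` give on a real system, and is usually the quickest way to see which rule a surprising connection actually hit.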


