From owner-freebsd-pf@FreeBSD.ORG Sun Jan 8 02:27:14 2006
From: "Josh Finlay" <montarotech@optusnet.com.au>
To: "Remko Lodder"
Cc: freebsd-pf@freebsd.org
Date: Sun, 8 Jan 2006 12:27:02 +1000
Subject: Re: IPv6 RDR on FBSD
Message-ID: <001501c613fb$070dc5e0$0600a8c0@delta>
References: <007c01c61324$d4bd1630$0600a8c0@delta> <43BFFEBA.9070809@FreeBSD.org>
List-Id: "Technical discussion and general questions about packet filter (pf)" (freebsd-pf@freebsd.org)

> Hi Josh,
>
> I always thought that an ipv4 addr was written like
>
> :: instead of the .

Ahh. I'm guessing you mean ::ffff:123.245.789.012

Not a bad thought, I'll give it a go. I sort of had a feeling that perhaps my PF was not IPv6 enabled or something along those lines, as it said that the address family was not found.

I'll give it a go and see what happens. Thanks ;)

> Perhaps this is also the case for PF not parsing
> your line properly.

Maybe! :)

> Btw i hope you test with pfctl -n -f /etc/pf.conf so that
> the ruleset does not get loaded and does not break (in case
> you made typos or something :-)).

Of course ;)

> Cheers,
> Remko

Regards,
Josh Finlay

> --
> Kind regards,
>
> Remko Lodder ** remko@elvandar.org
> FreeBSD ** remko@FreeBSD.org

From owner-freebsd-pf@FreeBSD.ORG Mon Jan 9 08:50:17 2006
From: Cristiano Deana <cristiano.deana@gmail.com>
To: freebsd-pf@freebsd.org
Date: Mon, 9 Jan 2006 09:49:15 +0059
Subject: Re: Useful utilities for PF
In-Reply-To: <43BEBBC9.8070203@forrie.com>

2006/1/6, Forrest Aldrich:
> http://expiretable.fnord.se/
> Might be good candidates for the ports collection.

http://www.freshports.org/security/expiretable

--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/

From owner-freebsd-pf@FreeBSD.ORG Mon Jan 9 11:02:36 2006
From: FreeBSD bugmaster <owner-bugmaster@freebsd.org>
To: freebsd-pf@FreeBSD.org
Date: Mon, 9 Jan 2006 11:02:34 GMT
Subject: Current problem reports assigned to you
Message-Id: <200601091102.k09B2YhE066187@freefall.freebsd.org>

Current FreeBSD problem reports

Critical problems

Serious problems
S Submitted    Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2005/06/15] kern/82271  pf    [pf] cbq scheduler cause bad latency
f [2005/07/31] kern/84370  pf    [modules] Unload pf.ko cause page fault
f [2005/09/13] kern/86072  pf    [pf] Packet Filter rule not working prope

3 problems total.

Non-critical problems
S Submitted    Tracker     Resp. Description
-------------------------------------------------------------------------------
o [2005/05/15] conf/81042  pf    [pf] [patch] /etc/pf.os doesn't match Fre
o [2005/12/09] kern/90148  pf    [pf] pf_enable="YES" -> Fatal trap 12: pa

2 problems total.

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 10 09:37:37 2006
From: "Travis H." <solinym@gmail.com>
To: Forrest Aldrich
Cc: freebsd-pf@freebsd.org
Date: Tue, 10 Jan 2006 03:37:27 -0600
Subject: Re: Useful utilities for PF
In-Reply-To: <43BEBBC9.8070203@forrie.com>

I'm going to do a little blatant self-promotion and suggest that you also take a look at dfd_keeper because it implements time-based rule expiration, among other things. Its main purpose is to provide a sort of command shell for pf, but you get a bunch of other things along the way. It is trivial to do things like trigger rule changes in response to snort alerts, or using a logwatching program to detect people attempting to brute-force ssh authentication.

I was also planning to add some kind of IP consolidation/generalization routines so that some attacker hopping around in a /16 won't be able to harass you 65534 times.

Also in the works is a sniffer that will do things like rdr bittorrent ports from your NAT box to an internal host when that host starts up bittorrent. When nobody's using bittorrent, you can go back to stealth mode (as a forwarded port typically gives an open or closed response, you cannot easily do non-leeching bittorrent and remain invisible).

You can download the program or view the source at my homepage below (first link, dynamic firewall daemon). For some reason, DFD has failed to generate any interest at all, but I'm not quite sure why.

--
"If I could remember the names of these particles, I would have been a botanist" -- Enrico Fermi
-><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

From owner-freebsd-pf@FreeBSD.ORG Thu Jan 12 13:18:16 2006
From: litgle <litgle@gmail.com>
To: freebsd-pf@freebsd.org
Date: Thu, 12 Jan 2006 21:18:09 +0800
Subject: (no subject)
Message-ID: <43C65711.3080705@gmail.com>

From owner-freebsd-pf@FreeBSD.ORG Sat Jan 14 17:58:02 2006
From: Leon Botes <leon@trusc.net>
Organization: TruscTechnologies
To: freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
Reply-To: leon@trusc.net
Date: Sat, 14 Jan 2006 19:57:20 +0200
Subject: What is wrong with these pf rules?
Message-ID: <43C93B80.7080406@trusc.net>

binat on $dig_if from $dmz_srv to any -> $dig_ip2
binat on $dsl1_if from $dmz_srv to any -> $dsl1_ip2
binat on $dsl2_if from $dmz_srv to any -> $dsl2_ip2

rdr on $dig_if inet proto tcp from any to $dig_ip2 port { 25, 80, 81, 110 } -> $dmz_srv
rdr on $dsl1_if inet proto tcp from any to $dsl1_ip2 port { 25, 80, 110 } -> $dmz_srv
rdr on $dsl2_if inet proto tcp from any to $dsl2_ip2 port { 25, 80, 110 } -> $dmz_srv

$dig_if, $dsl1_if, $dsl2_if are all connected to the net via routers.
The rule works for whichever interface the default route points to.
How can I get pf to return incoming connections out the same interface they arrived on?

--
Regards
Leon
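The symptom in Leon's message (only the interface holding the default route works) is the return-path problem that pf's reply-to option exists for. The rule set below is an added example, not one posted in the thread: it keeps Leon's binat/rdr lines as given and assumes three gateway macros ($dig_gw, $dsl1_gw, $dsl2_gw) for the upstream routers, which his message does not define.

```pf
# Assumed next-hop addresses for the three upstream routers (constructed
# placeholders; Leon's message does not define these, substitute the real ones).
dig_gw  = "192.0.2.1"
dsl1_gw = "198.51.100.1"
dsl2_gw = "203.0.113.1"

# Leon's translation rules, unchanged. rdr runs before filtering, so the
# pass rules below must match on the translated destination ($dmz_srv).
binat on $dig_if  from $dmz_srv to any -> $dig_ip2
binat on $dsl1_if from $dmz_srv to any -> $dsl1_ip2
binat on $dsl2_if from $dmz_srv to any -> $dsl2_ip2
rdr on $dig_if  inet proto tcp from any to $dig_ip2  port { 25, 80, 81, 110 } -> $dmz_srv
rdr on $dsl1_if inet proto tcp from any to $dsl1_ip2 port { 25, 80, 110 } -> $dmz_srv
rdr on $dsl2_if inet proto tcp from any to $dsl2_ip2 port { 25, 80, 110 } -> $dmz_srv

# What a plain pass rule does (the posted behaviour): state is created, but the
# server's replies are routed by the kernel routing table, i.e. out the default
# route, so connections arriving on the other two links never get answered.
# pass in on $dsl1_if inet proto tcp from any to $dmz_srv port { 25, 80, 110 } keep state

# The fix: reply-to (interface gateway) pins the return direction of every state
# created by the rule to the link the SYN arrived on, bypassing the routing table.
pass in on $dig_if  reply-to ($dig_if  $dig_gw)  inet proto tcp from any to $dmz_srv port { 25, 80, 81, 110 } flags S/SA keep state
pass in on $dsl1_if reply-to ($dsl1_if $dsl1_gw) inet proto tcp from any to $dmz_srv port { 25, 80, 110 } flags S/SA keep state
pass in on $dsl2_if reply-to ($dsl2_if $dsl2_gw) inet proto tcp from any to $dmz_srv port { 25, 80, 110 } flags S/SA keep state
```

reply-to only steers replies to inbound connections; connections that $dmz_srv itself opens still follow the default route. Validate with pfctl -n -f /etc/pf.conf before loading, as Remko suggests earlier in the thread.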