Stumped with pf.conf

Odhiambo Washington wash at wananchi.com
Tue Feb 22 16:40:25 GMT 2005


* Hexren <me at hexren.net> [20050222 19:30]: wrote:
> OW> * Kay Abendroth <kay.abendroth at raxion.net> [20050222 16:28]: wrote:
> >> Odhiambo Washington wrote:
> >> >I am a newbie to PF, running on FreeBSD 5.3-STABLE.
> >> >I would like some critique of the following pf.conf, which I am using,
> >> >but which appears to have a loophole! Some folk are accessing my port
> >> >8080, which I am thinking I have only opened to 62.8.64.0/19.
> >> [...]
> >> 
> >> 
> >> How do you know some are accessing? The only thing you actually log is 
> >> the traffic blocked by this rule:
> >> 
> >> block in log quick on $ext_if inet proto tcp from any to any flags S/SAFR
> 
> OW> Hi Kay,
> 
> OW> I have an application running on port 8080 of this box. That
> OW> application logs the IPs of machines accessing it, and I can see a
> OW> foreign IP accessing that service.
> 
> OW> What I meant to say is that "the filter is NOT working as expected by
> OW> blocking access to disallowed hosts".
> 
> OW> If you'd like to test accessing the box on that port, go ahead and
> OW> set your proxy settings to 62.8.64.13:8080 and try going to badboys.com
> 
> 
> ---------------------------------------------
> 
> Looking over it I can't see any obvious mistakes.
> Have you enabled pf (e.g. done "pfctl -e")?

Yes!

> And can you provide the output of "pfctl -sr".

Gives no output.

> A good way to narrow your problem down would be to log all rules that
> pass and see which one lets outside connections in.

I am gonna try that!


        Best regards,
        Odhiambo Washington
        Systems Admin,
        Wananchi Online Ltd.
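
The two checks discussed in this message, as an added example that is not part of the original thread and is not the poster's pf.conf: the shell function below reads `pfctl -sr` output, flags an empty ruleset (with no filter rules loaded, pf passes all traffic), and lists every pass rule that lacks `log`, which are the rules that would need it to follow the suggestion above. The sample ruleset and the interface name fxp0 are constructed.

```shell
#!/bin/sh
# Audit `pfctl -sr` output read from stdin.
# Exit status: 2 = no filter rules loaded,
#              1 = at least one pass rule has no log keyword,
#              0 = every pass rule logs.
audit_pf_rules() {
    awk '
        NF == 0 { next }                       # skip blank lines
        { total++ }
        $1 == "pass" {
            logged = 0
            # log / log-all sits between the direction and the first of
            # on, inet, inet6, proto, from or all
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^(on|inet|inet6|proto|from|all)$/) break
                if ($i ~ /^log/) logged = 1
            }
            if (!logged) { unlogged++; print "unlogged pass rule: " $0 }
        }
        END {
            if (total == 0) {
                print "no filter rules loaded: nothing is being blocked"
                exit 2
            }
            exit (unlogged > 0 ? 1 : 0)
        }
    '
}

# Constructed sample ruleset (assumption: fxp0 stands in for $ext_if).
SAMPLE_RULES='block drop in log quick on fxp0 inet proto tcp from any to any flags S/FSRA
pass in log on fxp0 inet proto tcp from 62.8.64.0/19 to any port = 8080 keep state
pass out on fxp0 all keep state'

# On the firewall itself: pfctl -sr | audit_pf_rules
printf '%s\n' "$SAMPLE_RULES" | audit_pf_rules || echo "audit status: $?"
```

Once every pass rule logs, `tcpdump -n -e -ttt -i pflog0` shows the logged packets together with the number of the rule that matched them.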