Stumped with pf.conf
Hexren
me at hexren.net
Tue Feb 22 17:04:06 GMT 2005
OW> * Hexren <me at hexren.net> [20050222 19:46]: wrote:
>> OW> * Hexren <me at hexren.net> [20050222 19:30]: wrote:
>> >> OW> * Kay Abendroth <kay.abendroth at raxion.net> [20050222 16:28]: wrote:
>> >> >> Odhiambo Washington wrote:
>> >> >> >I am a newbie to PF, running on FreeBSD 5.3-STABLE.
>> >> >> >I would like some critique of the following pf.conf, which I am using,
>> >> >> >but which appears to have a loophole! Some folks are accessing my port
>> >> >> >8080, which I am thinking I have only opened to 62.8.64.0/19.
>> >> >> [...]
>> >> >>
>> >> >>
>> >> >> How do you know some are accessing? The only thing you actually log is
>> >> >> the traffic blocked by this rule:
>> >> >>
>> >> >> block in log quick on $ext_if inet proto tcp from any to any flags S/SAFR
>> >>
>> >> OW> Hi Kay,
>> >>
>> >> OW> I have an application running on port 8080 of this box. That
>> >> OW> application logs the IPs of machines accessing it, and I can see a
>> >> OW> foreign IP accessing that service.
>> >>
>> >> OW> What I meant to say is that "the filter is NOT working as expected by
>> >> OW> blocking access to disallowed hosts".
>> >>
>> >> OW> If you'd like to test accessing the box on that port, go ahead and
>> >> OW> set your proxy settings to 62.8.64.13:8080 and try going to badboys.com
>> >>
>> >>
>> >> ---------------------------------------------
>> >>
>> >> Looking over it I can't see any obvious mistakes.
>> >> Have you enabled pf (e.g. done "pfctl -e")?
>>
>> OW> Yes!
>>
>> >> And can you provide the output of "pfctl -sr"?
>>
>> OW> Gives no output.
>>
>> >> A good way to narrow your problem down would be to log all rules that
>> >> pass and see which one lets outside connections in.
>>
>> OW> I am gonna try that!
>>
>>
>> ---------------------------------------------
>>
>> Then please show "pfctl -sa"
OW> FILTER RULES:
OW> INFO:
OW> Status: Enabled for 0 days 00:08:31 Debug: Urgent
OW> Hostid: 0x13453171
OW> State Table Total Rate
OW> current entries 0
OW> searches 105399 206.3/s
OW> inserts 0 0.0/s
OW> removals 0 0.0/s
OW> Counters
OW> match 105399 206.3/s
OW> bad-offset 0 0.0/s
OW> fragment 0 0.0/s
OW> short 0 0.0/s
OW> normalize 0 0.0/s
OW> memory 0 0.0/s
OW> TIMEOUTS:
OW> tcp.first 120s
OW> tcp.opening 30s
OW> tcp.established 86400s
OW> tcp.closing 900s
OW> tcp.finwait 45s
OW> tcp.closed 90s
OW> udp.first 60s
OW> udp.single 30s
OW> udp.multiple 60s
OW> icmp.first 20s
OW> icmp.error 10s
OW> other.first 60s
OW> other.single 30s
OW> other.multiple 60s
OW> frag 30s
OW> interval 10s
OW> adaptive.start 0 states
OW> adaptive.end 0 states
OW> src.track 0s
OW> LIMITS:
OW> states hard limit 10000
OW> src-nodes hard limit 0
OW> frags hard limit 5000
>> "pfctl -sr" should output all active rules. Having no output implies
>> that you have no rules, imho. Please describe the procedure you
>> used to install your ruleset into pf.
OW> I created the file, /etc/pf.conf, checked it to be sure that at least
OW> I was understanding what I have written, then I did:
OW> pfctl -e
OW> Isn't that the way? ;)
---------------------------------------------
Indeed it is not ;)
Try "pfctl -f /etc/pf.conf"; that should load the configuration from
/etc/pf.conf.
Have you read the pf man pages? You should :)
Hexren
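The check Hexren's diagnosis implies, as an added shell example (not code from the thread): parse `pfctl -sa` output and flag the combination shown above, pf enabled and searching packets, but no filter rules and no state inserts. The two sample outputs are constructed from the thread's figures; the interface name em0 and the rule lines in the loaded sample are assumed.

```shell
#!/bin/sh
# Added example, not from the thread: spot the "pf enabled, no ruleset loaded"
# condition in `pfctl -sa` output. Both samples are constructed to mirror the
# thread (interface "em0" and the rule text are assumed); on a live host feed
# the function the real `pfctl -sa` output instead.
PFCTL_SA_EMPTY='FILTER RULES:
INFO:
Status: Enabled for 0 days 00:08:31 Debug: Urgent
Hostid: 0x13453171
State Table Total Rate
current entries 0
searches 105399 206.3/s
inserts 0 0.0/s
removals 0 0.0/s
TIMEOUTS:
tcp.first 120s'

PFCTL_SA_LOADED='FILTER RULES:
block drop in log quick on em0 inet proto tcp from any to any flags S/SAFR
pass in on em0 inet proto tcp from 62.8.64.0/19 to any port = 8080 flags S/SA keep state
INFO:
Status: Enabled for 0 days 00:08:31 Debug: Urgent
State Table Total Rate
current entries 3
searches 105399 206.3/s
inserts 12 0.1/s
removals 9 0.1/s'

# pf_ruleset_missing OUTPUT
# Exits 0 when pf reports Enabled, lists no filter rules, has evaluated packets
# (searches > 0) but never inserted a state: the symptom in the thread, where
# every packet is matched against an empty ruleset and therefore passed.
# Exits 1 otherwise.
pf_ruleset_missing() {
    printf '%s\n' "$1" | awk '
        /^[A-Z][A-Z ]*:$/  { in_rules = ($0 == "FILTER RULES:"); next }
        in_rules && NF > 0 { rules++ }
        /^Status: Enabled/ { enabled = 1 }
        /^searches /       { searches = $2 }
        /^inserts /        { inserts = $2 }
        END {
            if (enabled && rules == 0 && searches > 0 && inserts == 0) exit 0
            exit 1
        }'
}
```

On the host itself run it as root with `pf_ruleset_missing "$(pfctl -sa)"`, and when it reports the condition, load the ruleset with `pfctl -f /etc/pf.conf` and confirm with `pfctl -sr`.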