pf vs. afp
Michael K. Smith
mksmith at adhost.com
Fri Dec 25 22:01:07 UTC 2009
You can use the ($int_if) for traffic terminating on the firewall. Any
traffic going through to another host needs to have the destination defined.
Could you include a complete copy (sanitized, of course) of your pf.conf
file? There might be something else at work but it's hard to tell without
the file.
Kind Regards,
Mike
On 12/25/09 8:13 AM, "Dánielisz László" <laszlo_danielisz at yahoo.com> wrote:
> I am using "($int_if)" for ports 22, 80 too and they are working like a charm.
> This is how I defined it in my pf.conf:
> int_if="rl0"
>
> Right now I cannot try it, but when I'm able to I'll try your idea and then I
> will let you know how it works.
>
> Thank you!
>
>
>
> ________________________________
> From: Anh Ky Huynh <kyanh at viettug.org>
> To: Dánielisz László <laszlo_danielisz at yahoo.com>
> Cc: freebsd-pf at freebsd.org
> Sent: Fri, December 25, 2009 2:06:24 PM
> Subject: Re: pf vs. afp
>
> On Fri, 25 Dec 2009 04:33:03 -0800 (PST)
> Dánielisz László <laszlo_danielisz at yahoo.com> wrote:
>
>>
>> ________________________________
>>
>> Hello,
>>
>> It's been a while that I've been struggling with how to deal with
>> afp/netatalk passing through my pf rules. If I disable pf everything is
>> working great (but I still do want a firewall on my server). I tried the
>> following rule but it still doesn't let me in:
>>
>> pass in log on $int_if inet proto { tcp, udp } from $localnet to
>> ($int_if) port=548 flags S/SA keep state
>
> I think the problem is "($int_if)". You should use, e.g.,
>
> from $localnet to 192.168.1.123
>
>> When I try a telnet on port 548 I get "Operation timed out". In
>> pflog I can see that my Mac tries to connect, but I have no clue why
>> it can't when the corresponding port is open. Do you have any idea?
>
> Regards,
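
Added example, not part of the original thread: a pf.conf fragment showing the two cases Mike distinguishes, traffic terminating on the firewall versus traffic passing through to another host. `rl0` comes from the thread; the `localnet` prefix, the `srv_if` interface and the `afp_host` address are assumed values, and the rule is narrowed to TCP, which is what the telnet test in the thread exercises.

```pf
# Added illustration; macro values other than rl0 are assumptions.
int_if   = "rl0"              # internal interface (from the thread)
srv_if   = "rl1"              # assumed: interface facing a separate AFP server
localnet = "192.168.1.0/24"   # assumed LAN prefix
afp_host = "192.168.2.10"     # assumed address of a separate AFP server

# Default: drop and log inbound traffic on the internal interface.
# pf is last-match-wins, so the pass rules below override this.
block in log on $int_if all

# Case 1: netatalk runs on the firewall itself.
# ($int_if) means "whatever address is currently on rl0"; it only
# matches packets whose destination is the firewall's own address.
pass in log on $int_if inet proto tcp \
    from $localnet to ($int_if) port 548 flags S/SA keep state

# Case 2: the AFP server is another host behind the firewall.
# The destination is the server's address, so ($int_if) never matches;
# name the host explicitly on the way in ...
pass in log on $int_if inet proto tcp \
    from $localnet to $afp_host port 548 flags S/SA keep state

# ... and allow the forwarded connection out of the server-side interface.
pass out log on $srv_if inet proto tcp \
    from $localnet to $afp_host port 548 flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` shows the rules actually loaded. With `log` on every rule, `tcpdump -n -e -ttt -i pflog0 port 548` shows which rule matched the connection attempt and whether it was passed or blocked.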