pf rules

kalin m kalin at el.net
Fri Jan 22 16:19:38 UTC 2010



not sure if that would affect smtp. would it? how so?


S4mmael wrote:
> If I guess your idea right, you should specify direction like this:
> pass in proto udp to any port $udp
>
> "pass proto udp to any port $udp" passes traffic in any direction
> (ingoing and outgoing).
>
> 2010/1/22 kalin m <kalin at el.net>:
>   
>> hi all...
>>
>> doing testing with pf...
>>
>> how is it possible that if i have these rules below in pf.conf if i do:
>> telnet that.host.org 25
>>
>> i get:
>> Trying xx.xx.xx.xx...
>> Connected to that.host.org.
>> Escape character is '^]'.
>> ........... etc .......
>>
>>
>> pf.conf contents:
>>
>> tcp_in = "{ www, https }"
>> ftp_in = "{ ftp }"
>> udp = "{ domain, ntp }"
>> ping = "echoreq"
>>
>> set skip on lo
>> scrub in
>>
>> antispoof for eth0 inet
>>
>> block in all
>> pass out all keep state
>> pass proto udp to any port $udp
>> pass inet proto icmp all icmp-type $ping keep state
>> pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
>> pass proto tcp to any port ssh
>>
>>
>>
>> thanks....
>>
>>
>>
>> _______________________________________________
>> freebsd-security at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
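The direction semantics S4mmael describes, written out against the ruleset kalin quoted, as an added annotation that is not part of the thread (the rules are the ones above; only the comments and the "pass in" variant of the udp rule are new):

```pf
# Added annotation of the ruleset quoted above; not from the thread.
# pf evaluates rules top to bottom and the LAST matching rule wins
# unless a rule carries "quick".

tcp_in = "{ www, https }"
ftp_in = "{ ftp }"
udp    = "{ domain, ntp }"
ping   = "echoreq"

set skip on lo
scrub in
antispoof for eth0 inet

# Direction "in": only packets arriving on an interface are blocked.
# A connection the host itself opens (telnet that.host.org 25) is
# outbound traffic, so this rule never sees its SYN.
block in all

# Direction "out": the outbound SYN to port 25 matches here, and
# "keep state" lets the replies back in, which is why the telnet
# connects despite "block in all".
pass out all keep state

# No direction keyword: matches BOTH inbound and outbound UDP to
# domain/ntp, which is the point S4mmael makes.
# pass proto udp to any port $udp
# The same rule restricted to inbound traffic only:
pass in proto udp to any port $udp

pass inet proto icmp all icmp-type $ping keep state
pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state

# Also directionless: SSH is passed in both directions.
pass proto tcp to any port ssh
```

pfctl -nf /etc/pf.conf parses the file without loading it, so the edited ruleset can be checked before it replaces the running one.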