Christopher Keeley wrote:
Dear All
I have an idea which I would like to run by developers and users alike.
Does anyone think 'pattern matching' on packets values would be
a useful addition to pf's current capabilities?
The idea would be to allow users to write simple numeric sequences
Just ran across something interesting today - I'm sorry if this has been
previously discussed.
I use Etrust antivirus on my Windows laptop. Today I was unable to get
my virus update. Etrust uses active mode ftp. The windows firewall was
blocking the return connections. I am not completely sure
Hi,
I have tried to set up a firewall with BSD (3.5).
I experimented with filtering bridge, so far ok. Now I needed a DMZ, so
I didn't want to play with two PCs, all should be in one PC. I
understand, I'd have to use a firewall with three interface cards.
Meanwhile I have read the book from Jacek
I am stumped by this pf behavior, maybe someone can shed some light.
The confusion is this:
I have the following macro set up:
it passes in, https, and mutella (6346) from the internet to my dmz.
INT_TO_DMZ = { 443, 6346, 6324 }
It seems to work, because I can attach to some gnutella servers
On Mon, 2004-08-30 at 14:18, cmustard wrote:
rule 1/0(match) block in on rl0: 84.2x.xxx.xx 192.168.3.2.6346: tcp 0 (DF)
rule 1/0(match) block in on rl0: 224.2x.xxx.xx 192.168.3.2.6346: tcp 0 (DF)
To me, this rule says it's blocking traffic on my external interface that is
coming from any
On Mon, 2004-08-30 at 12:46, [EMAIL PROTECTED] wrote:
Hi,
I have tried to set up a firewall with BSD (3.5).
I experimented with filtering bridge, so far ok. Now I needed a DMZ, so
I didn't want to play with two PCs, all should be in one PC. I
understand, I'd have to use a firewall with
Hmmm, I thought that's what I did:
pass in on $EXT inet proto tcp from any to $DMZ:network \
port $INT_TO_DMZ flags S/SA keep state
#pass in on external interface (internet) to my dmz (allowed internet to dmz ports only)
#then also udp:
pass in on $EXT inet proto udp from any to any \
port