Thanks a lot for the tips, will keep them in mind. I have seen those states on port 53 for udp.
P.S. pf works like a charm.... Just for the interest, I looked into /etc/rc.firewall and I was just terrified by it. pf looks like a breath of fresh air.

On 7/31/06, Darrin Chandler <[EMAIL PROTECTED]> wrote:
> On Sun, Jul 30, 2006 at 09:33:15PM +0000, Ivan Levchenko wrote:
> > Thanks, I have "some knowledge" of these things (at least I have been
> > reading the man pages for pf and altq, and the openbsd pf faq =) ..
> >
> > like always ... there is still more reading ahead.
> >
> > thanks.
>
> The thing that I forgot to mention is that pf tries to keep state for udp
> and icmp, even though these are not strictly stateful protocols. So there
> are "state" entries that you will not find any information about if you go
> read about icmp or udp. For instance, if you have a default "block in"
> rule, but a "pass out icmp keep state" and you send out a ping (icmp
> echo-request) then pf will create a state waiting for the echo reply and
> let it in. The same goes for udp, which is often seen on port 53 for DNS.
>
> It's good that you want to know what is going on and are learning. Too
> many people do not.
>
> --
> Darrin Chandler            |  Phoenix BSD Users Group
> [EMAIL PROTECTED]          |  http://bsd.phoenix.az.us/
> http://www.stilyagin.com/  |
--
Best Regards,
Ivan Levchenko
Manager of Programming department
[EMAIL PROTECTED]
[EMAIL PROTECTED]
_______________________________________________
firstname.lastname@example.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
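A minimal pf.conf that shows the stateful ICMP and UDP handling described in the quoted reply: a default "block in" with outbound rules that keep state, so the echo reply and the DNS answer are let back in only because pf created a state entry for the outgoing packet. This is an added example, not a ruleset from the thread or from the pf project; the interface name em0 and the resolver address 192.0.2.53 are assumptions.

```pf
# Added example (not from the thread). Interface and resolver are assumed.
ext_if      = "em0"
dns_servers = "{ 192.0.2.53 }"

set skip on lo0

# Default deny inbound: a packet is accepted only if it matches an
# existing state entry created by one of the "pass out" rules below.
block in on $ext_if

# Outbound ping: pf records a state for the echo request (addresses plus
# ICMP id), so the matching echo-reply is admitted even though ICMP
# itself has no notion of a connection.
pass out on $ext_if inet proto icmp icmp-type echoreq keep state

# Outbound DNS: pf records a UDP "state" on the address/port 4-tuple, so
# the resolver's reply from port 53 to our ephemeral port is admitted.
pass out on $ext_if proto udp to $dns_servers port 53 keep state

# Everything else we originate is stateful as well.
pass out on $ext_if proto { tcp udp } keep state
```

After loading it with pfctl -f, pfctl -ss lists the icmp and udp entries the reply talks about alongside the tcp ones. Their lifetime is not negotiated by the protocol, so it is purely a pf timer: set timeout icmp.first / icmp.error and udp.first / udp.single / udp.multiple control how long an unanswered or idle entry stays in the table, which is the knob to look at if the state table fills up with stale UDP entries.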