Hello Mr. Abdullah,

Be careful when using "quick" in the configuration. Quick means: the moment this line matches, apply it without going down to the next line. That is the reason: you have written the block lines at the very top, and as any to any at that. Instead, write what you allow at the top and add

Block in all

Block out all

below it; if you add them this way, all packets that have no rule above get blocked.

Best regards,

 

Metin Paşaoğlu

Security Expert

Bilgi Güvenlik

Tel: +90 232 4697063
Fax: +90 232 4697064

www.bilgiguvenlik.com


From: Abdullah OZTURK [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 21, 2006 3:26 PM
To: [email protected]
Subject: [FreeBSD] pf.conf error

I defined rules like this in pf.conf. When I run it, it drops all connections; only when I remove block in all does it let traffic through. Why is it blocking even though I have given the necessary permissions below?

I would appreciate your help, because despite trying hard I could not find it due to my lack of knowledge.


# abbreviations
d_f="fxp0"
if="rl0"
i_n="192.168.1.0/24"
da="x.x.x.x"
gw="192.168.1.1"
ms="192.168.1.2"
ws="192.168.1.2"
gp="{22,25,43,53,80,110,443,9100}"
rd="192.168.1.78"
pr="192.168.1.65"
ftp="{ 192.168.1.78, 192.168.1.1 }"

# nat rules
nat on $d_f from $i_n to any port $gp -> $da

# blocks
block in all
block out all
block in log quick on $d_f proto tcp from any to any flags SF/SFRA
block in log quick on $d_f proto tcp from any to any flags /SFRA
block in log quick on $d_f from $i_n to any
block in log quick on $d_f from any to $i_n

# allow rules
pass in quick on lo0 all
pass out quick on lo0 all
pass in on $if from $i_n to $gw
pass in quick on $d_f proto tcp from any to any port ssh flags S/SA keep state
pass in quick on $if proto tcp from any to any port ssh
pass in log on $if inet proto tcp from $ftp to any port 21 keep state
pass in on $if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $d_f inet proto tcp from any to any port www keep state
pass in log on $d_f proto { tcp, udp } from any to any port 80 keep state



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.6/286 - Release Date: 3/20/2006

