Hello,

After blocking everything in my pf rules, I allowed ports 25 and 110 from the 
local network to the firewall. What I want to do here: my firewall machine and 
my mail server are the same machine, and I want my internal users to communicate 
only with my internal mail server. Although I allow my mail server to go out 
in the firewall rules, the internal users can also connect to an external mail 
server. How can I prevent my LAN users from connecting to the outside on ports 
25 and 110? I block everything at the very beginning of the rules and then open 
ports 25 and 110 from the internal network to the fw, so why does the traffic 
still go out? I can't find the mistake I made in the rules. Thanks in advance 
to anyone who can help.

###################################################
# Macros
###################################################
lan_net = "{ 10.0.0.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24  }"
int_if = "bge0"
ext_if = "vr0"
ext_if2 = "vr1"
ext_gw1 = "192.168.100.213"
ext_gw2 = "192.168.110.25"
fwips = "{127.0.0.1, 10.0.0.2, 192.168.100.212, 192.168.110.26}"
##################################################
# NAT rules
##################################################
nat on $ext_if from $lan_net to any -> ($ext_if)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if proto tcp from self to any port smtp  tag IF2 -> ($ext_if2)
nat on $ext_if proto tcp from self to any port pop3  tag IF2 -> ($ext_if2)

rdr on $int_if proto tcp from any to any port 80 -> 10.0.0.2 port 8080

##################################################
# Rules
##################################################

block in log-all all
block out log-all all
pass in  quick on lo0 all
pass out quick on lo0 all

##################################################
# Ports allowed from lan_net to the firewall
##################################################
pass in quick log on $int_if proto tcp from $lan_net to any port { 22,25,80,110,8080,12200,443,444,53 } flags S/SA keep state
##################################################
# Outbound traffic allowed for the firewall
##################################################

pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) tagged IF2 keep state

pass out quick log on $ext_if proto {tcp,udp} from $fwips to any  keep state
pass out quick log on $ext_if2 proto {tcp,udp} from $fwips to any  keep state

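An added example, not part of the original post: the posted LAN rule passes ports 25 and 110 `to any`, and since the `nat` rules rewrite the source to the external interface address (which `fwips` appears to include) before the filter rules run, the firewall's own `pass out` rules then let those forwarded connections leave. One way to confine SMTP and POP3 to the firewall itself, assuming 10.0.0.2 (taken from `fwips` and the `rdr` rule) is its LAN address and using a hypothetical `mail_ip` macro:

```pf
# Added example (not from the original post).
# Assumption: 10.0.0.2 is the firewall/mail server's address on $int_if.
# mail_ip is a macro name introduced for this example.
mail_ip = "10.0.0.2"

# As posted: destination "any" also matches mail servers on the Internet.
# pass in quick log on $int_if proto tcp from $lan_net to any port { 22,25,80,110,8080,12200,443,444,53 } flags S/SA keep state

# SMTP and POP3 from the LAN: only to the mail server on the firewall.
pass in quick log on $int_if proto tcp from $lan_net to $mail_ip port { 25, 110 } flags S/SA keep state

# Other LAN services unchanged (25 and 110 removed from the list).
pass in quick log on $int_if proto tcp from $lan_net to any port { 22, 80, 8080, 12200, 443, 444, 53 } flags S/SA keep state

# LAN connections to external hosts on port 25 or 110 now match no pass rule
# on $int_if and fall through to "block in log-all all".
```

The ruleset can be parsed without loading it using `pfctl -nf /etc/pf.conf`, and `pfctl -sr` lists the rules that are active after a reload.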