David Hough running ipfilt wrote:

> pass in log quick proto tcp from any port = 80 to 10.0.2.0/24 port > 1023 group 100
> pass out log quick proto tcp from any port = 80 to 10.0.2.0/24 port > 1023 group 151
> pass in log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 80 group 101
> pass out log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 80 group 150

This is normal HTTP traffic. I suspect if you add keep state to the last two rules you shouldn't need the first two.

> pass in log quick proto tcp from any port = 443 to 10.0.2.0/24 port > 1023 group 100
> pass out log quick proto tcp from any port = 443 to 10.0.2.0/24 port > 1023 group 151
> pass in log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 443 group 101
> pass out log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 443 group 150

Again - add keep state to the second two rules and I think it should suffice for the first two rules.

> pass in log quick proto tcp from any port = 29900 to 10.0.2.0/24 port > 1023 group 100
> pass out log quick proto tcp from any port = 29900 to 10.0.2.0/24 port > 1023 group 151
> pass in log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 29900 group 101
> pass out log quick proto tcp from 10.0.2.0/24 port > 1023 to any port = 29900 group 150

Same thing here.

Looks like it wants to make outgoing connections on 80, 443, and 29900. Nothing terribly unusual about that.

--
Phil Dibowitz [EMAIL PROTECTED]
Open Source software and tech docs Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/

"Never write it in C if you can do it in 'awk';
Never do it in 'awk' if 'sed' can handle it;
Never use 'sed' when 'tr' can do the job;
Never invoke 'tr' when 'cat' is sufficient;
Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming
