2011/7/20 fqui nonez <[email protected]>:
> 2011/7/20 Andres Perera <[email protected]>:
>> On Wed, Jul 20, 2011 at 8:49 AM, fqui nonez <[email protected]> wrote:
>
>>>>> On Wed, 20 Jul 2011 01:09:09 -0700, fqui nonez <[email protected]>
>>>>> wrote:
>>>>>> Hello
>>>>>>
>>>>>> I have a sshd/ftpd/httpd server box, 4.9 stable; and I want to log all
>>>>>> blocked packets, and send them to /var/log/pfblocklog to be read with
>>>>>> tcpdump. What and where should be the rule?
>
>>>>>> Thanks for your attention.
>>>
>>> Hello
>>>
>>> I changed it to:
>>>
>>> # $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
>>> #
>>>
>>> set skip on lo
>>>
>>> ### Added by me:
>>> block log
>>>
>>> pass out quick on rl0
>>>
>>> antispoof quick for rl0
>>>
>>> pass in log on rl0 proto tcp from any to port 22
>>> pass in log on rl0 proto tcp from any to port 21
>>> pass in log on rl0 proto tcp from any to port 80
>>
>> replace all three by:
>> pass in log on rl0 proto tcp to port { 21 22 80 }
>>
>>>
>>> ### End.
>>>
>>> # filter rules and anchor for ftp-proxy(8)
>>> anchor "ftp-proxy/*"
>>> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
>>
>> you already pass these packets before. redundant rules make pfctl
>> output hard to read, so change it to:
>> match in proto tcp to port ftp rdr-to localhost port 8021
>>
>
> Done, thanks again!
>
Hello, again.
I am receiving this message at the client side:
"425 Can't build data connection: illegal port number"
Then I changed it to:
# $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
set skip on lo
# filter rules and anchor for ftp-proxy(8)
anchor "ftp-proxy/*"
pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
### Added by me:
block log
pass out quick on rl0
antispoof quick for rl0
pass in log on rl0 proto tcp from any to port {21 22 80}
### End.
#pass # to establish keep-state
# By default, do not permit remote connections to X11
#block in on ! lo0 proto tcp to port 6000:6010
ftpd is not working correctly with those rules; does somebody see the error?
Thanks for your attention.
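Once `block log` is in place, the blocked packets are written by pflogd to /var/log/pflog for reading with tcpdump, as the original question asked. As an added example that is not part of this thread, the Python below parses constructed lines in the shape of `tcpdump -n -e -ttt -r /var/log/pflog` output and tallies blocked packets by destination port and by source address; the log lines, the rl0 interface and the addresses are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines, shaped like `tcpdump -n -e -ttt -r /var/log/pflog`
# output on OpenBSD (pflog header, then the IP/TCP summary). Not from the thread.
SAMPLE_PFLOG = """\
Jul 20 08:49:01.000001 rule 0/(match) block in on rl0: 203.0.113.9.51000 > 198.51.100.2.23: S 1:1(0) win 65535
Jul 20 08:49:01.200002 rule 3/(match) pass in on rl0: 203.0.113.9.51001 > 198.51.100.2.22: S 2:2(0) win 65535
Jul 20 08:49:02.000003 rule 0/(match) block in on rl0: 203.0.113.10.40000 > 198.51.100.2.445: S 3:3(0) win 1024
Jul 20 08:49:02.500004 rule 0/(match) block in on rl0: 203.0.113.9.51002 > 198.51.100.2.23: S 4:4(0) win 65535
Jul 20 08:49:03.000005 rule 3/(match) pass in on rl0: 203.0.113.11.52000 > 198.51.100.2.80: S 5:5(0) win 8192
"""

# pflog header as tcpdump prints it: "rule N/(match) ACTION DIR on IF:"
# followed by the usual "src.port > dst.port:" summary for TCP/UDP.
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifname>\w+): (?P<src>\S+?)\.(?P<sport>\d+) > (?P<dst>\S+?)\.(?P<dport>\d+):"
)

def parse_pflog(text):
    """Turn tcpdump pflog text into a list of dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = PFLOG_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["rule"] = int(rec["rule"])
        rec["sport"] = int(rec["sport"])
        rec["dport"] = int(rec["dport"])
        records.append(rec)
    return records

def blocked_by_dst_port(records):
    """Count blocked packets per destination port (which services are being probed)."""
    return Counter(r["dport"] for r in records if r["action"] == "block")

def blocked_by_src(records):
    """Count blocked packets per source address (who is being turned away most)."""
    return Counter(r["src"] for r in records if r["action"] == "block")

if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_PFLOG)
    print("blocked by destination port:", blocked_by_dst_port(recs).most_common())
    print("blocked by source:", blocked_by_src(recs).most_common())
```

On a live box the same parser can be fed from `tcpdump -n -e -ttt -r /var/log/pflog`, or from `tcpdump -n -e -ttt -i pflog0` for a running view.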