On 05/08/2012 03:21 AM, Nathan, Josh wrote:
> Well, I think I've solved the problem, but I don't know if there's a
> more elegant solution or not.  With PF running, I ran "iptables -L -n
> -v --line-numbers" so I could see what rules were in place.  Then within
> the iptables.conf file in /usr/local/pf/conf I added the following lines
> under "forward-internal-inline-if":
> 
> -I forward-internal-inline-if 3 --protocol udp --match udp --destination-port 53 --jump DROP
> -I forward-internal-inline-if 4 --protocol tcp --match tcp --destination-port 53 --jump DROP
> 
> Since I'm only using Inline mode, I didn't worry about putting it
> anywhere else in the file.  If there's a way to have these automatically
> entered via a setting in the pf.conf or network.conf file (or better
> yet, through the web interface), please let me know.

No, conf/iptables.conf is the 'official way' to modify default firewall
configuration.

-- 
Olivier Bilodeau
[email protected]  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
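
A check that could be run after a PacketFence restart to confirm the port 53 DROP rules from the thread above are present and sit ahead of any ACCEPT rule that could match DNS first. This is an added example, not part of the thread or PacketFence's own code; the function name `check_dns_drop` and both sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Audit `iptables -S <chain>` output read from stdin. Succeeds only if a udp and
# a tcp DROP rule for dport 53 exist and no earlier ACCEPT rule could match first.
check_dns_drop() {
    awk -v chain="$1" '
    $1 == "-A" && $2 == chain {
        n++; proto = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target == "DROP" && dport == "53" && (proto == "udp" || proto == "tcp")) {
            if (!(proto in drop)) drop[proto] = n
        } else if (target == "ACCEPT" && (dport == "" || dport == "53")) {
            # Conservative: any ACCEPT not limited to another port counts as a match.
            if (proto == "" || proto == "udp") { if (!("udp" in acc)) acc["udp"] = n }
            if (proto == "" || proto == "tcp") { if (!("tcp" in acc)) acc["tcp"] = n }
        }
    }
    END {
        bad = 0; split("udp tcp", protos, " ")
        for (k = 1; k <= 2; k++) {
            p = protos[k]
            if (!(p in drop)) { print p "/53: no DROP rule"; bad = 1 }
            else if ((p in acc) && acc[p] < drop[p]) {
                print p "/53: DROP at rule " drop[p] " is shadowed by ACCEPT at rule " acc[p]; bad = 1
            } else print p "/53: DROP at rule " drop[p]
        }
        exit bad
    }'
}

# Constructed listing (not real PacketFence output): DROP rules at positions 3 and 4.
SAMPLE_OK='-A forward-internal-inline-if -p udp -m udp --dport 67 -j ACCEPT
-A forward-internal-inline-if -p tcp -m tcp --dport 443 -j ACCEPT
-A forward-internal-inline-if -p udp -m udp --dport 53 -j DROP
-A forward-internal-inline-if -p tcp -m tcp --dport 53 -j DROP
-A forward-internal-inline-if -m mark --mark 0x1 -j ACCEPT'

# Constructed listing: a broad ACCEPT precedes the udp DROP, and the tcp rule is missing.
SAMPLE_SHADOWED='-A forward-internal-inline-if -m mark --mark 0x1 -j ACCEPT
-A forward-internal-inline-if -p udp -m udp --dport 53 -j DROP'
```

On a live system the input would come from `iptables -S forward-internal-inline-if | check_dns_drop forward-internal-inline-if`, run as root.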
