scrub in all fragment reassemble
block drop in on ! lo inet from 127.0.0.0/8 to any
block drop in on ! lo inet6 from ::1 to any
block drop in inet6 from ::1 to any
block drop in on lo0 inet6 from fe80::1 to any
block drop in on vr0 inet6 from fe80::211:d8ff:fef8:a192 to any
block drop in on rl0
Correction:
scrub in all fragment reassemble
block drop in on ! lo inet from 127.0.0.0/8 to any
block drop in on ! lo inet6 from ::1 to any
block drop in inet6 from ::1 to any
block drop in on lo0 inet6 from fe80::1 to any
block drop in on vr0 inet6 from fe80::211:d8ff:fef8:a192 to any
block
I think it would be worth reviewing your rules and implementing quick.
Can you run a test by moving the rule below to after the scrub
and before the blocks, to check whether ssh starts working?
pass in on vr0 proto tcp from any to any port = ssh flags S/SA keep
Like this:
On 2008/5/16
Folks, I put together these rules in pf for a very simple firewall, but I
can't access ssh from the internal network. Can anyone tell me
what I screwed up?
# $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
#
Send the output of the command:
pfctl -s rules
-
Archive: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
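
Added example, not part of any message in this thread: a small model of how pf picks a verdict (the last matching rule wins, unless a matching rule carries `quick`), to show why the position of a `pass` rule relative to the `block` rules matters. The `Rule` class, the catch-all block and the packet values are constructed for illustration and only model interface and destination port.

```python
# Simplified model of pf rule evaluation (illustration only, not pf itself).
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                   # "pass" or "block"
    iface: Optional[str] = None   # None matches any interface
    port: Optional[int] = None    # None matches any destination port
    quick: bool = False           # quick: stop evaluating at this rule

    def matches(self, iface: str, port: int) -> bool:
        return self.iface in (None, iface) and self.port in (None, port)

def evaluate(rules, iface: str, port: int) -> str:
    verdict = "pass"              # pf passes a packet that matches no rule
    for rule in rules:
        if rule.matches(iface, port):
            verdict = rule.action # a later match overrides an earlier one
            if rule.quick:
                break             # quick makes this match final
    return verdict

SSH = 22
# Constructed rules (assumptions, not the poster's full ruleset).
block_all = Rule("block")
pass_ssh = Rule("pass", iface="vr0", port=SSH)
pass_ssh_quick = Rule("pass", iface="vr0", port=SSH, quick=True)

def demo() -> dict:
    return {
        # pass placed before a catch-all block: the block matches last
        "pass_then_block": evaluate([pass_ssh, block_all], "vr0", SSH),
        # pass placed after the block: the pass matches last
        "block_then_pass": evaluate([block_all, pass_ssh], "vr0", SSH),
        # pass quick placed before the block: evaluation stops at the pass
        "quick_pass_then_block": evaluate([pass_ssh_quick, block_all], "vr0", SSH),
        # traffic on another interface is still caught by the block
        "other_iface": evaluate([pass_ssh_quick, block_all], "rl0", SSH),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```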