Re: pf block question

2005-06-18 Thread Matt Rechkemmer
On Fri, Jun 10, 2005 at 09:33:50PM +0300, Giorgos Keramidas wrote:
>
> Existing icmp states?
>
> Did you reload the rules with:
>
> /etc/rc.d/pf reload
>
> or by directly running pfctl?

I tried flushing everything with pfctl -Fa, and then loading the rules with pfctl -f /etc/pf.conf. Th

Re: pf block question

2005-06-10 Thread Giorgos Keramidas
On 2005-06-09 13:48, Matt Rechkemmer <[EMAIL PROTECTED]> wrote:
> On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote:
> >
> > If you add "quick" to the `block from ' rule, packets from
> > these hosts will immediately be dropped -- which is what you probably
> > want to do, if I have

Re: pf block question

2005-06-09 Thread Matt Rechkemmer
On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote:
>
> If you add "quick" to the `block from ' rule, packets from
> these hosts will immediately be dropped -- which is what you probably
> want to do, if I have understood what you wrote so far.
>
> - Giorgos

OK, I've added quick t

Re: pf block question

2005-06-09 Thread Giorgos Keramidas
On 2005-06-09 03:18, Matt Rechkemmer <[EMAIL PROTECTED]> wrote:
> On Tue, Jun 07, 2005 at 01:50:30PM +0300, Giorgos Keramidas wrote:
> >
> > We'd have to see the entire ruleset and a tcpdump of traffic that passes
> > through to know what's wrong.
> >
> > - Giorgos
>
> Here are the rules as taken f

Re: pf block question

2005-06-09 Thread Matt Rechkemmer
On Tue, Jun 07, 2005 at 01:50:30PM +0300, Giorgos Keramidas wrote:
>
> We'd have to see the entire ruleset and a tcpdump of traffic that passes
> through to know what's wrong.
>
> - Giorgos

Here are the rules as taken from pfctl -sr. I can also provide a copy of pf.conf, if needed. The user's

Re: pf block question

2005-06-07 Thread Matt Rechkemmer
On Tue, Jun 07, 2005 at 07:12:43AM -0500, John Brooks wrote:
> Are you sure the ruleset is loaded, and pf is enabled?
>
> --
> John Brooks
> [EMAIL PROTECTED]

Yes, pfctl -sr yields the rule right under "scrub in all."

--
Matt Rechkemmer
[EMAIL PROTECTED]

RE: pf block question

2005-06-07 Thread John Brooks
Are you sure the ruleset is loaded, and pf is enabled?

--
John Brooks
[EMAIL PROTECTED]

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Matt Rechkemmer
> Sent: Tuesday, June 07, 2005 1:43 AM
> To: [EMAIL PROTECTED]
> Subject: pf block question
>
>
>

Re: pf block question

2005-06-07 Thread Giorgos Keramidas
On 2005-06-06 23:43, Matt Rechkemmer <[EMAIL PROTECTED]> wrote:
> So, at the very top of my pf "filter" rules, I have these rules:
>
> block drop in quick on fxp0 inet proto icmp from 1.3.3.7 to any
> block drop in quick on fxp0 inet proto tcp from 1.3.3.7 to any
>
> 1.3.3.7 is a made up IP address