on getting the web traffic to work first.
I've changed rule #1 as you can see below but pf returns a syntax error.
# redirect www traffic to proxy
rdr in on $int_if inet proto tcp from !$proxy to any port
$proxy_services -> $proxy $proxyport tag rdr_proxy
My variables are:
proxy = 172.18.0.1
packets by pf in order to set packet's TOS bit (packets which comes from
IPFW).
have you any suggestion?
thanks for your attention
sam
On Thu, Nov 8, 2012 at 4:11 PM, takCoder tak.offic...@gmail.com wrote:
hey sam,
i don't know the exact answer for your question.. but a question
On 30 Nov 2012, at 08:30, Leslie Jensen les...@eskk.nu wrote:
Damien Fleuriot skrev 2012-11-29 00:28:
On 27 November 2012 22:01, Leslie Jensen les...@eskk.nu wrote:
Well, that depends on what you want to do.
If you want FTP traffic to go to ftp-proxy running on the firewall,
On 27 November 2012 22:01, Leslie Jensen les...@eskk.nu wrote:
Volodymyr Kostyrko skrev 2012-11-26 21:50:
26.11.2012 20:40, Leslie Jensen:
Rules from pf.conf
# macros
ext_if=xl0
int_if=bge0
tcp_services={ 22, 993, 5910:5917 }
Volodymyr Kostyrko skrev 2012-11-26 21:50:
rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
# redirect www traffic to proxy
rdr on $int_if inet proto tcp from $internal_net to any port
$proxy_services -> $proxy port 8080
I could be wrong here but I think you have a loop.
[...]
Rules from pf.conf
# macros
ext_if=xl0
int_if=bge0
tcp_services={ 22, 993, 5910:5917 }
tcp_priv_services={ 389, 443 }
proxy_services = { 21, 80 }
icmp_types={ echoreq unreach squench timex }
internal_net = 172.18.0.0/16
proxy =
On Nov 27, 2012, at 6:34 PM, Doug Sampson do...@dawnsign.com wrote:
[...]
Rules from pf.conf
# macros
ext_if=xl0
int_if=bge0
tcp_services={ 22, 993, 5910:5917 }
tcp_priv_services={ 389, 443 }
proxy_services = { 21, 80 }
icmp_types={
Doug Sampson skrev 2012-11-27 18:34:
[...]
Rules from pf.conf
# macros
ext_if=xl0
int_if=bge0
tcp_services={ 22, 993, 5910:5917 }
tcp_priv_services={ 389, 443 }
proxy_services = { 21, 80 }
icmp_types={ echoreq unreach squench timex }
Volodymyr Kostyrko skrev 2012-11-26 21:50:
26.11.2012 20:40, Leslie Jensen:
Rules from pf.conf
# macros
ext_if=xl0
int_if=bge0
tcp_services={ 22, 993, 5910:5917 }
tcp_priv_services={ 389, 443 }
proxy_services = { 21, 80 }
icmp_types={ echoreq
24.11.2012 17:39, Leslie Jensen:
I've upgraded squid from 3.1 to 3.2. Starting squid 3.2 with the same
configuration file now gives me errors in cache.log when one tries to
access any site, and of course no access!
2012/11/24 16:24:56 kid1| WARNING: Forwarding loop detected for:
Reverting
26.11.2012 20:40, Leslie Jensen:
Rules from pf.conf
# macros
ext_if=xl0
int_if=bge0
tcp_services={ 22, 993, 5910:5917 }
tcp_priv_services={ 389, 443 }
proxy_services = { 21, 80 }
icmp_types={ echoreq unreach squench timex }
internal_net =
I've upgraded squid from 3.1 to 3.2. Starting squid 3.2 with the same
configuration file now gives me errors in cache.log when one tries to
access any site, and of course no access!
2012/11/24 16:24:56 kid1| WARNING: Forwarding loop detected for:
Reverting back to 3.1 works.
I know there
On 23/11/2012 15:58, Fleuriot Damien wrote:
On Nov 23, 2012, at 3:46 PM, David Demelier demelier.da...@gmail.com wrote:
Hello,
I would like to disable the network traffic for specific IPs, for the
moment I just add to my pf.conf a rule that will block everything for a
specified table like
Hello,
I would like to disable the network traffic for specific IPs, for the
moment I just add to my pf.conf a rule that will block everything for a
specified table like this :
table <closed>
[...] others rules [...]
block from <closed>
Then I just need to add my IP using pfctl, it will works, no
On Nov 23, 2012, at 3:46 PM, David Demelier demelier.da...@gmail.com wrote:
Hello,
I would like to disable the network traffic for specific IPs, for the
moment I just add to my pf.conf a rule that will block everything for a
specified table like this :
table <closed>
[...] others rules
hello guys
i have a problem with getting packets which are diverted to a specific port
by PF. i mean i diverted my packets to a specific port by IPFW and want to
get these packets by PF to change them.
i used ipfw add 1000 divert 8000 all form any to any command to divert my
packets. how can i
:
hello guys
i have a problem with getting packets which are diverted to a specific port
by PF. i mean i diverted my packets to a specific port by IPFW and want to
get these packets by PF to change them.
i used ipfw add 1000 divert 8000 all form any to any command to divert my
packets. how can i
dear takcoder
maybe you are right but now it is not important for me. i want to get
packets by pf in order to set packet's TOS bit (packets which comes from
IPFW).
have you any suggestion?
thanks for your attention
sam
On Thu, Nov 8, 2012 at 4:11 PM, takCoder tak.offic...@gmail.com wrote
Hi. I've got a server running pf that has been displaying some odd (at least to
me) behavior.
I use the synproxy state[1] option quite a few times in my config without any
ill effects that I've noticed until now. I realized it was on every open port
except for ssh, so I added it to my ssh line
On Fri, Nov 09, 2012 at 05:40:16AM +, Anders N. wrote:
A Hi. I've got a server running pf that has been displaying some odd (at least
to me) behavior.
A
A I use the synproxy state[1] option quite a few times in my config without
any ill effects that I've noticed until now. I realized
hello every body
i want to mark some of my packets (by tag, mark, divert or anything else)
in IPFW and recognize these packets in PF in the same system.
please let me know if it is possible and how i can do that.
i have freebsd 8.2. if it is impossible in freebsd 8.2, what about freebsd
9? can
Hello,
If I need to recompile pfctl and snmp_pf, would I run 'make clean',
'make', and 'make install' in /usr/src/usr.sbin/bsnmpd/modules/snmp_pf
and /usr/src/sbin/pfctl? Is either of the directories incorrect
or some other combination of make calls required there?
Thank you,
Darrel
Hello,
If I need to recompile pfctl and snmp_pf, would I run 'make clean',
'make', and 'make install' in /usr/src/usr.sbin/bsnmpd/modules/snmp_pf
and /usr/src/sbin/pfctl? Is either of the directories incorrect
or some other combination of make calls required there?
Oh, forgot to mention.
[HEADS UP] merging projects/pf into head
Some good news:
http://lists.freebsd.org/pipermail/freebsd-pf/2012-September/006740.html
___
freebsd-questions@freebsd.org
Hi folks,
I've little questions about RDR using Packet Filter (PF), I used IPF
(IPFILTER) before and success with this scenario.
extif = outside interface
intif = internal interface
public_ip = 202.xxx.xxx.xxx
client_create = 192.168.1.1, port = 6112
client_join = 192.168.1.2
for outside
17.08.2012, 20:54, Darren Baginski kick...@yandex.ru:
Hi list!
Could you please point me how can I set DSCP/TOS bits for outgoing packets
using pf ?
I would like to mark all packets going to the specific port marked with DSCP
CS3.
Can't believe no one is aware
Hi list!
Could you please point me how can I set DSCP/TOS bits for outgoing packets
using pf ?
I would like to mark all packets going to the specific port marked with DSCP
CS3.
Hi.
I'm running a small VPN for ~10 office users. Upon upgrading the machine from
8.3 to 9.0 yesterday, it became
impossible for users to connect to the VPN. I've tried everything I can think
of to track down the problem and it
seems (although I may be mistaken) to be something to do with pf
I have some trouble with pf on freebsd bridge.
Network topology:
( untrust ) -- { em0 , bridge0 , em1 } -- ( trust )
Bridge Network: 10.1.1.0/24
bridge0 IP: 10.1.1.1 ( freebsd's ip )
default gw: 10.1.1.254 ( in untrust area )
server: 10.1.1.101 ~ 200 ( in trust area )
pf.conf on freebsd
To solve the ftp pre 4.7 part, you can start reading here
http://home.nuug.no/~peter/pf/en/long-firewall.html#FTPPROBLEM
/Hasse
-Oprindelig meddelelse-
Fra: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd-questi...@freebsd.org] På vegne af Fbsd8
Sendt: den 16 april 2012 04:31
On Mon, Apr 16, 2012 at 09:39:38AM +0200, Hasse Hansson wrote:
To solve the ftp pre 4.7 part, you can start reading here
http://home.nuug.no/~peter/pf/en/long-firewall.html#FTPPROBLEM
/Hasse
-Oprindelig meddelelse-
Fra: owner-freebsd-questi...@freebsd.org
[mailto:owner-freebsd
There's also web available manuals for probably every release of OpenBSD here:
http://www.openbsd.org/cgi-bin/man.cgi
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&manpath=OpenBSD+4.5
Running 9.0 as a gateway host with pf firewall enabled.
FTP is launched by inetd.
Both active and passive ftp works from lan pc's to the host ftp.
The lan ftp session can be initiated from the host or any lan pc and
things work because there are no rules on the lan interface except
single pass
Fbsd8 wrote:
Running 9.0 as a gateway host with pf firewall enabled.
FTP is launched by inetd.
Both active and passive ftp works from lan pc's to the host ftp.
The lan ftp session can be initiated from the host or any lan pc and
things work because there are no rules on the lan interface except
Mike Tancsa wrote:
On 4/11/2012 8:34 PM, Fbsd8 wrote:
In the pf log I see the rule number of the rule used to create the log
file entry. pfctl -sr command does not list the rule number of each rule
it lists.
Hi,
Try pfctl -sr -vv
---Mike
Thanks the -vv printed the rule number
In the pf log I see the rule number of the rule used to create the log
file entry. pfctl -sr command does not list the rule number of each rule
it lists.
So my question is how do I relate the rule number shown in the log
listing back to the text rule file rules
On 4/11/2012 8:34 PM, Fbsd8 wrote:
In the pf log I see the rule number of the rule used to create the log
file entry. pfctl -sr command does not list the rule number of each rule
it lists.
Hi,
Try pfctl -sr -vv
---Mike
--
---
Mike Tancsa, tel +1 519 651 3400
Sentex
man 4 enc
On Tue, Jan 3, 2012 at 8:30 PM, Edward Carrel aza...@carrel.org wrote:
On Jan 3, 2012, at 12:12 AM, Damien Fleuriot wrote:
Thinking -pf@ or -net@ would be a better place to discuss this, more chances
of getting an answer.
I was wondering about that. I'll send my question to -net
Thinking -pf@ or -net@ would be a better place to discuss this, more chances of
getting an answer.
Out of curiosity why not use a gif interface ?
I had that working just fine with racoon and was able to actually firewall
traffic on it with PF, iirc
Hi freebsd-questions,
I am running into a roadblock getting PF to filter traffic on a Netgraph
interface representing an L2TP/IPSec connection. I have done some narrowing
down of the problem, but was hoping to get some advice on figuring out
where to go digging next, or things to try.
Also
On 01/03/12 16:17, Ed Carrel wrote:
Hi freebsd-questions,
I am running into a roadblock getting PF to filter traffic on a Netgraph
interface representing an L2TP/IPSec connection. I have done some narrowing
down of the problem, but was hoping to get some advice on figuring out
where to go
On Thu, 15 Dec 2011 12:52:15 -0500
Maxim Khitrov wrote:
On Tue, Dec 13, 2011 at 8:15 AM, RW rwmailli...@googlemail.com
wrote:
It's about latency, realtime has priority over non-realtime.
I sort of understand this, but I can't figure out how that would apply
to my example:
altq on $wan
Hello,
I'm setting up pf with altq support in my kernel on freebsd 9.0-Stable
(soon to switch to the -RELEASE once it's available).
The system is a quad-core Xeon E31220, running amd64.
I've done a bit of googling and found various results. I know the
freebsd handbook says ALTQ_NOPCC is required
On Tue, Dec 13, 2011 at 8:15 AM, RW rwmailli...@googlemail.com wrote:
On Mon, 12 Dec 2011 21:51:39 -0500
Maxim Khitrov wrote:
I've read everything I could find on the topic of configuring hfsc
altq in pf (4.5, FreeBSD 9), but I still have no clear idea of how it
is actually implemented. I
APseudoUtopia wrote:
Hello,
I'm setting up pf with altq support in my kernel on freebsd 9.0-Stable
(soon to switch to the -RELEASE once it's available).
The system is a quad-core Xeon E31220, running amd64.
I've done a bit of googling and found various results. I know the
freebsd handbook
On Mon, 12 Dec 2011 21:51:39 -0500
Maxim Khitrov wrote:
I've read everything I could find on the topic of configuring hfsc
altq in pf (4.5, FreeBSD 9), but I still have no clear idea of how it
is actually implemented. I even started looking through the source
code, but that might take a while
I've read everything I could find on the topic of configuring hfsc
altq in pf (4.5, FreeBSD 9), but I still have no clear idea of how it
is actually implemented. I even started looking through the source
code, but that might take a while. My main questions are:
1. Difference between 'realtime
--- Original message ---
From: Damien Fleuriot m...@my.gd
To: Mark Moellering m...@msen.com
Date: 30 November 2011, 21:11:19
Subject: Re: pf rdr (redirect) syntax solved
On 30 Nov 2011, at 17:49, Mark Moellering m...@msen.com wrote:
My apologies for posting an answer without
My apologies for posting an answer without a question but this is
something I want searchable in the future.
To use redirection ( rdr ) in pf, you MUST specify an ip address or
interface.
For example, if you want to force external traffic coming in on port 80
to port 443 and write this;
rdr
On Wed, Nov 30, 2011 at 11:49 AM, Mark Moellering m...@msen.com wrote:
My apologies for posting an answer without a question but this is something
I want searchable in the future.
To use redirection ( rdr ) in pf, you MUST specify an ip address or
interface.
For example, if you want to force
On 30 Nov 2011, at 17:49, Mark Moellering m...@msen.com wrote:
My apologies for posting an answer without a question but this is something I
want searchable in the future.
To use redirection ( rdr ) in pf, you MUST specify an ip address or interface.
For example, if you want to force
to be initiated from a more secure interface to a less secure
interface and not vice versa).
Sorry, you can't do this with pf, ipf or ipfw (the 3 firewalls in
FreeBSD). There is no concept of security level at all, you must specify
on each interface the traffic allowed (in input and output).
My
Nikos Vassiliadis wrote:
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).
I need no details, just a general hint
Le Mon, 10 Oct 2011 14:10:53 +0700,
Victor Sudakov suda...@sibptus.tomsk.ru a écrit :
The problem is, there could be several routed networks behind the
inside interfaces. Not all inside networks are directly connected, and
the :network macro works only for directly connected interfaces,
Le Sun, 9 Oct 2011 12:15:54 +0700,
Victor Sudakov v...@mpeks.tomsk.su a écrit :
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only
Patrick Lamaiziere wrote:
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).
I need no details, just a
question (allowing
traffic to be initiated from a more secure interface to a less secure
interface and not vice versa).
Sorry, you can't do this with pf, ipf or ipfw (the 3 firewalls in
FreeBSD). There is no concept of security level at all, you must specify
on each interface the traffic allowed
.
Excuse me, I do not see how this is relevant to my question (allowing
traffic to be initiated from a more secure interface to a less secure
interface and not vice versa).
Sorry, you can't do this with pf, ipf or ipfw (the 3 firewalls in
FreeBSD). There is no concept of security level at all
On 10/9/2011 10:39 AM, Victor Sudakov wrote:
Patrick Lamaiziere wrote:
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and
a more secure interface to a less secure
interface and not vice versa).
Sorry, you can't do this with pf, ipf or ipfw (the 3 firewalls in
FreeBSD). There is no concept of security level at all, you must specify
on each interface the traffic allowed (in input and output).
Actually you can
Colleagues,
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).
I need no details, just a general hint how to setup such
List,
Is there an easy way to find out what version of PF a given FreeBSD version is
using? Currently I'm doing this:
grep -iE '\bpf\b' /usr/src/UPDATING
Just wondering if I'm missing something. I didn't see any '--version'
flag in pfctl.
-Modulok
On 21/09/2011 07:34, Modulok wrote:
Is there an easy way to find out what version of PF a given FreeBSD version is
using? Currently I'm doing this:
grep -iE '\bpf\b' /usr/src/UPDATING
Just wondering if I'm missing something. I didn't see any '--version'
flag in pfctl.
Uh -- bpf
On 21/09/2011 08:34, Matthew Seaman wrote:
On 21/09/2011 07:34, Modulok wrote:
Is there an easy way to find out what version of PF a given FreeBSD version
is
using? Currently I'm doing this:
grep -iE '\bpf\b' /usr/src/UPDATING
Just wondering if I'm missing something. I didn't see any
On 21 September 2011 09:05, Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
On 21/09/2011 08:34, Matthew Seaman wrote:
On 21/09/2011 07:34, Modulok wrote:
Is there an easy way to find out what version of PF a given FreeBSD
version is
using? Currently I'm doing this:
grep -iE
On 21/09/2011 09:17, krad wrote:
If its been syncd to openbsd 4.5 version of pf, its still quite a way behind
openbsd's version in the latest release as they are not on 4.9 with 5.0
imminent. Looking at the docs there were quite a lot of changes when openbsd
was bumped to 4.7
Yes. However I
Hi folks, I have the following pf.conf on FreeBSD 8.1-RELEASE *and* 8.2-RELEASE
===
set block-policy return
set skip on lo
int_if=bge1
ext_if=bge0
dup_if=dc0
# NAT rule
nat on $ext_if from $int_if:network to any -> ($ext_if) sticky-address
#
# Windows RDP
Hi all,
I am trying to use pf nat rules with pool support on FreeBsd 8.0, working
together with ipfw as the main firewall. According to the natting concepts i
faced in manuals and docs, nat concept is to map the source address to the
natted address when sending the packets from that source
Hello
I use pf on freebsd as packet filter.
I have a wireless area. The users get to the internet using automatic ip
from the dhcp server.
I wish to deny to assign a static ip address by manual.
How can I do that with pf or ipfw or another thing?
thanks
On 07/26/2011 12:44 PM, Yavuz Maşlak wrote:
Hello
I use pf on freebsd as packet filter.
I have a wireless area. The users get to the internet using automatic ip
from the dhcp server.
I wish to deny to assign a static ip address by manual.
How can I do that with pf or ipfw or another
On 26/07/2011 11:44, Yavuz Maşlak wrote:
I use pf on freebsd as packet filter.
I have a wireless area. The users get to the internet using automatic ip
from the dhcp server.
I wish to deny to assign a static ip address by manual.
How can I do that with pf or ipfw or another thing
2011/7/26 Matthew Seaman m.sea...@infracaninophile.co.uk
On 26/07/2011 11:44, Yavuz Maşlak wrote:
I use pf on freebsd as packet filter.
I have a wireless area. The users get to the internet using automatic ip
from the dhcp server.
I wish to deny to assign a static ip address by manual
On Tue, July 26, 2011 9:01 am, Chuck Swiger wrote:
On Jul 26, 2011, at 3:44 AM, Yavuz Maşlak wrote:
I use pf on freebsd as packet filter.
I have a wireless area. The users get to the internet using automatic ip
from the dhcp server.
I wish to deny to assign a static ip address by manual
Hi;
I have the following scenario.
FreeBSD 8.2-STABLE FreeBSD 8.2-STABLE #0: Thu May 19 19:53:59 BRT 2011
i386
I want to be able to connect to any of the 2 external IPs this machine has.
### pf.conf excerpt
ext_if1 = sis0 (1M link. default gateway)
ext_if2 = rl0 (2M link)
aln_if = dc0
On Wednesday 13 July 2011 10:26:59 Mario Lobo wrote:
Hi;
I have the following scenario.
FreeBSD 8.2-STABLE FreeBSD 8.2-STABLE #0: Thu May 19 19:53:59 BRT 2011
i386
I want to be able to connect to any of the 2 external IPs this machine has.
### pf.conf excerpt
ext_if1 = sis0 (1M
On Wed, Feb 09, 2011 at 09:08:53AM +1000, Da Rock wrote:
On 02/09/11 01:18, Daniel Bye wrote:
On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote:
A very quick question.
PF firewall. One static public IP. About 6 servers on the internal
network (dmz). One server binat
On 02/09/11 21:16, Daniel Bye wrote:
On Wed, Feb 09, 2011 at 09:08:53AM +1000, Da Rock wrote:
On 02/09/11 01:18, Daniel Bye wrote:
On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote:
A very quick question.
PF firewall. One static public IP. About 6 servers
quick question.
PF firewall. One static public IP. About 6 servers on the internal
network (dmz). One server binat in the pf.conf, the rest redirected.
Possible? Or would it die in the hole?
I guess you're concerned about performance and resource usage? If so,
this
may be helpful.
http
:
On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote:
A very quick question.
PF firewall. One static public IP. About 6 servers on the internal
network (dmz). One server binat in the pf.conf, the rest redirected.
Possible? Or would it die in the hole?
I guess
:08:53AM +1000, Da Rock wrote:
On 02/09/11 01:18, Daniel Bye wrote:
On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote:
A very quick question.
PF firewall. One static public IP. About 6 servers on the internal
network (dmz). One server binat in the pf.conf, the rest redirected
A very quick question.
PF firewall. One static public IP. About 6 servers on the internal
network (dmz). One server binat in the pf.conf, the rest redirected.
Possible? Or would it die in the hole?
TIA
On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote:
A very quick question.
PF firewall. One static public IP. About 6 servers on the internal
network (dmz). One server binat in the pf.conf, the rest redirected.
Possible? Or would it die in the hole?
I guess you're concerned about
On 02/09/11 01:18, Daniel Bye wrote:
On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote:
A very quick question.
PF firewall. One static public IP. About 6 servers on the internal
network (dmz). One server binat in the pf.conf, the rest redirected.
Possible? Or would it die
deploy without a pf
reference handy.
Regarding 1) and 2), the longer answer is that I like to control
traffic flow. I don't want to allow inbound connections on the
external interface and I don't have a need for the firewall to connect
to machines inside the NAT. On my bridges I'll set skip
Le Sat, 29 Jan 2011 12:39:18 +1000,
Da Rock freebsd-questi...@herveybayaustralia.com.au a écrit :
I spent some time playing with pf and pf.conf, and followed the
directions in the handbook. It redirected me to the openbsd site for
pf.conf, and recommended it as the most comprehensive
On 01/31/11 20:30, Patrick Lamaiziere wrote:
Le Sat, 29 Jan 2011 12:39:18 +1000,
Da Rock freebsd-questi...@herveybayaustralia.com.au a écrit :
I spent some time playing with pf and pf.conf, and followed the
directions in the handbook. It redirected me to the openbsd site for
pf.conf
if I'm allowing everything out on the external interface?
3) why not pass everything on the internal interface and then filter
on the external?
The shortest answer is because I happen to like that starting point
and it serves as a syntactical reminder if I deploy without a pf
reference handy
suitability, how else does one learn if not through practice?
On 1/29/11, Da Rock freebsd-questi...@herveybayaustralia.com.au wrote:
I spent some time playing with pf and pf.conf, and followed the
directions in the handbook. It redirected me to the openbsd site for
pf.conf, and recommended
I spent some time playing with pf and pf.conf, and followed the
directions in the handbook. It redirected me to the openbsd site for
pf.conf, and recommended it as the most comprehensive documentation for pf.
Firstly, I didn't find that. I had to translate the instructions into
the current
4.8 and the version of pf that's in FreeBSD is quite a
bit older.
http://marc.info/?l=openbsd-misc&m=128938065524891&w=2
kmw
Because Peter made mention on misc@ that the second edition was geared
towards OpenBSD 4.8 and the version of pf that's in FreeBSD is quite a
bit older.
http://marc.info/?l=openbsd-misc&m=128938065524891&w=2
Hi
In the second edition there are also reference and syntax of previous
version
Modulok modu...@gmail.com writes:
This book comes in two editions. The first was published in December
2007, the second, November, 2010. Does anyone have this? And if so
would I be correct to get the first edition instead? I know FreeBSD's
pf lags being openBSD's, so I'm not sure which
FreeBSD's
pf lags being openBSD's, so I'm not sure which version of the book to
get, if either are applicable to the version of pf that FreeBSD runs?
(FreeBSD 8.1)
I started updating the text for the 2nd edition due to the changes
introduced in OpenBSD 4.7, (aka Henning's monster diff) plus a few
On Mon, Jan 17, 2011 at 10:37 PM, Modulok modu...@gmail.com wrote:
List,
The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall
This book comes in two editions. The first was published in December
2007, the second, November, 2010. Does anyone have this? And if so
would I be correct
On Tue, Jan 18, 2011 at 9:25 AM, Adam Vande More amvandem...@gmail.com wrote:
On Mon, Jan 17, 2011 at 10:37 PM, Modulok modu...@gmail.com wrote:
List,
The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall
This book comes in two editions. The first was published in December
2007
No. The second edition also includes the syntax for FreeBSD 8.x.(It
also includes the old syntax for OpenBSD as well as the new syntax)
--
chs,
Thank you! That's what I needed to know.
-Modulok-
On 17 January 2011 23:37, Modulok modu...@gmail.com wrote:
Or perhaps someone could suggest something else? I read the examples
and basic handbook for pf, but wanted a bit more. I'm going to be
tacking a firewall project coming up and need to be well prepared.
Suggested readings appreciated
On Tue, Jan 18, 2011 at 7:35 PM, Kevin Wilcox kevin.wil...@gmail.com wrote:
1) Definitely get the first version
Oh, why?
--
chs,
List,
The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall
This book comes in two editions. The first was published in December
2007, the second, November, 2010. Does anyone have this? And if so
would I be correct to get the first edition instead? I know FreeBSD's
pf lags being openBSD's
Since I am going to be setting up a mail server sometime next week and
have to keep things like this in mind;
would it make sense to run pf and block all outbound traffic that isn't
on port 25 ( port 995 , etc) and force any web administration programs
onto a port other than 80 to help
1 - 100 of 1112 matches