On Sun, 20 Feb 2005 11:42:41 -0700, Pat Maddox [EMAIL PROTECTED]
I'd still like to find a good example config file that works well for
a web server.
I posted an easy to adapt config file 3 days ago, haven't you seen it?
On Mon, Feb 14, 2005 at 09:32:25PM -0700, Pat Maddox wrote:
I want to install a firewall on my system. First of all, is PF the
one I should be using? It seems to get the most recommendations.
I don't actually seem to have any problems configuring it - I just
have some problems testing the
On Sun, 20 Feb 2005 06:23:39 -0800, Loren M. Lang [EMAIL PROTECTED] wrote:
On Mon, Feb 14, 2005 at 09:32:25PM -0700, Pat Maddox wrote:
I want to install a firewall on my system. First of all, is PF the
one I should be using? It seems to get the most recommendations.
I don't actually
On Fri, 18 Feb 2005 00:28:30 -0700, Pat Maddox [EMAIL PROTECTED] wrote:
Can you guys let me know if this looks like a good conf file? I've
got web, mail, ftp, ssh, and DNS that I need to have open.
# Macros
ext_if="fxp0"
SYN_ONLY="S/FSRA"
tcp_services = "{ 21, 22, 25, 53, 80, 143 }"
icmp_types
On Wed, 16 Feb 2005 19:18:17 -0700, Pat Maddox [EMAIL PROTECTED] wrote:
I've managed to come up with something that works so far. I am having
two problems though.
The first is that I can't authenticate for IMAP anymore. No clue why,
it just keeps rejecting my password. maillog shows
Can you guys let me know if this looks like a good conf file? I've
got web, mail, ftp, ssh, and DNS that I need to have open.
# Macros
ext_if="fxp0"
SYN_ONLY="S/FSRA"
tcp_services = "{ 21, 22, 25, 53, 80, 143 }"
icmp_types = "echoreq"
# Default deny
block all
## Filtering rules
# Default TCP policy
Hi Pat,
Is there any place I can find a good default ruleset for a server, and
just change what ports I want open?
pf originates at openbsd. There you'll find lots of documentation, the
pf-faq, and the (as always in the BSD world) excellent manpages.
In addition there's the pf-repository at:
I've managed to come up with something that works so far. I am having
two problems though.
The first is that I can't authenticate for IMAP anymore. No clue why,
it just keeps rejecting my password. maillog shows imapd: LOGIN
FAILED, that's it.
Also, after enabling pf, all my UDP ports show as
I want to install a firewall on my system. First of all, is PF the
one I should be using? It seems to get the most recommendations.
I don't actually seem to have any problems configuring it - I just
have some problems testing the configuration. I can ssh to the box,
and I can access port
quickly see what's up. When PF is disabled, I can nmap it in about 9
seconds. When I turn it on, it takes over 3 minutes to do. These
machines are on the same network, so the connection is obviously fast.
I believe this is because nmap is having to wait on the connections to
time out. If
Is there any place I can find a good default ruleset for a server, and
just change what ports I want open?
Also, I've noticed that some rulesets will have different flags and
keep state on for certain TCP ports, but not others. For example, at
https://www.section6.net/help/pf.php I found:
11 matches