Matthew Seaman wrote:
I need no details, just a general hint how to set up such security
levels, preferably independent of actual IP addresses behind the
interfaces (a :network macro is not always sufficient).
You may use urpf-failed instead of :network
urpf-failed: Any
Nikos Vassiliadis wrote:
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).
I need no details, just a general hint
On Mon, 10 Oct 2011 14:10:53 +0700,
Victor Sudakov suda...@sibptus.tomsk.ru wrote:
The problem is, there could be several routed networks behind the
inside interfaces. Not all inside networks are directly connected, and
the :network macro works only for directly connected interfaces,
On Sun, 9 Oct 2011 12:15:54 +0700,
Victor Sudakov v...@mpeks.tomsk.su wrote:
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only
Patrick Lamaiziere wrote:
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).
I need no details, just a
On Sun, 9 Oct 2011 14:39:10 +0700,
Victor Sudakov v...@mpeks.tomsk.su wrote:
I need no details, just a general hint how to set up such security
levels, preferably independent of actual IP addresses behind the
interfaces (a :network macro is not always sufficient).
You may use
On 09/10/2011 10:31, Patrick Lamaiziere wrote:
On Sun, 9 Oct 2011 14:39:10 +0700,
Victor Sudakov v...@mpeks.tomsk.su wrote:
I need no details, just a general hint how to set up such security
levels, preferably independent of actual IP addresses behind the
interfaces (a :network
On 10/9/2011 10:39 AM, Victor Sudakov wrote:
Patrick Lamaiziere wrote:
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and
Patrick Lamaiziere wrote:
I need no details, just a general hint how to set up such security
levels, preferably independent of actual IP addresses behind the
interfaces (a :network macro is not always sufficient).
You may use urpf-failed instead of :network
urpf-failed: Any
Colleagues,
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).
I need no details, just a general hint how to set up such
I'm pulling my hair out here. I've been working on this for days without
any success.
I've whittled the ruleset down to the barest possible rules and even that
doesn't work. I'm at my wits' end. I would really appreciate it if someone
could show me where I'm being a complete and total moron.
On Sunday 09 March 2008 08:22:07 am erik Wilson wrote:
I'm pulling my hair out here. I've been working on this for days without
any success.
I've whittled the ruleset down to the barest possible rules and even that
doesn't work. I'm at my wits' end. I would really appreciate it if someone
erik Wilson wrote:
I'm pulling my hair out here. I've been working on this for days without
any success.
I've whittled the ruleset down to the barest possible rules and even that
doesn't work. I'm at my wits' end. I would really appreciate it if someone
could show me where I'm being a complete
On Sun, Mar 9, 2008 at 3:20 PM, Erik Norgaard [EMAIL PROTECTED] wrote:
erik Wilson wrote:
I'm pulling my hair out here. I've been working on this for days without
any success.
I've whittled the ruleset down to the barest possible rules and even that
doesn't work. I'm at my wits' end.
Erik Wilson wrote:
I know you have cut away a lot of rules, but maybe that just makes
things more confusing. Try to nest your rules in the following order:
direction - interface - protocol - src net - dst net - port/type
You should need no out rules if you have in rules with
Pat Maddox wrote:
12.34.56.78 runs a server on port 1234
87.65.43.21 should connect to this
Both of them have PF rulesets that block off most traffic, keeping
open the publicly available ports I need open. In this case though,
any traffic over this port should only be between these two
On 6/9/06, Erik Norgaard [EMAIL PROTECTED] wrote:
Pat Maddox wrote:
12.34.56.78 runs a server on port 1234
87.65.43.21 should connect to this
Both of them have PF rulesets that block off most traffic, keeping
open the publicly available ports I need open. In this case though,
any
12.34.56.78 runs a server on port 1234
87.65.43.21 should connect to this
Both of them have PF rulesets that block off most traffic, keeping
open the publicly available ports I need open. In this case though,
any traffic over this port should only be between these two machines.
I've tried to
Pat Maddox wrote:
12.34.56.78 runs a server on port 1234
87.65.43.21 should connect to this
Both of them have PF rulesets that block off most traffic, keeping
open the publicly available ports I need open. In this case though,
any traffic over this port should only be between these two
On Sun, 3 Apr 2005, Brian John wrote:
altq on $ext_if priq
queue mail priority 13
queue ssh priority 12
queue web priority 14
I see one syntactical thing you missed.
You have to define your child queues in your altq declaration. Something
like:
altq on $ext_if priq queue {mail, ssh, web}
Also,
Hello,
I read the manpage on pf and constructed a basic set of rules and
macros. However, when I start pf it gives me errors about the syntax of
my file. Basically all I want to accomplish is I don't want my p2p
programs to be able to hog the traffic away from me if I'm trying to
surf. When
Brian John wrote:
However, when I start pf it gives me errors
about the syntax of my file.
Read http://www.openbsd.org/faq/pf/queueing.html. There are
good examples.
Regards Björn
___
freebsd-questions@freebsd.org mailing list