Re: im new with pf
Hello Jonathan, * Jonathan Horne [EMAIL PROTECTED] [30-05-07 19:19]: like i said, i need to allow local (and me, trusted) to anything, and anyone else just access to 25, 80 and 443. thanks for any critiques and ideas. you can try security/fwbuilder a nice tool to build firewalls and administrate them. It can compile the rules for several systems including pf. Best regards, Matthias -- Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning. -- Rich Cook ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: im new with pf
Hello Jonathan, Thursday, May 31, 2007, 3:19:26 AM, you wrote: i have a client who has a simple linksys router, with port 22, 25, 80, 443 forwarded to a freebsd server i built for his small business. 25 80 and 443 are obviously public services, but id like to limit access to 22 to the trusted internal network, and my block of IPs i would be connecting from from my site. along with regulating port 22, i also need all other ports to work properly, since samba is installed, and i dont want to mess with picking and choosing what ports will be in this config. i just need to limit access to port 22. snip There's a very nice document here: http://www.openbsd.org/faq/pf/ -- Best regards, Ghirai. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
im new with pf
i have a client who has a simple linksys router, with port 22, 25, 80, 443 forwarded to a freebsd server i built for his small business. 25 80 and 443 are obviously public services, but id like to limit access to 22 to the trusted internal network, and my block of IPs i would be connecting from from my site. along with regulating port 22, i also need all other ports to work properly, since samba is installed, and i dont want to mess with picking and choosing what ports will be in this config. i just need to limit access to port 22. does something like this look acceptable if the above is my goal? [pf.conf] # definitions ext_if=fxp0 client=192.168.1.0/24 mynet=[outsideips]/29 table trusted { $client $mynet } # rules start here scrub in block in all pass quick on lo antispoof quick for lo pass in on $ext_if from trusted to ($ext_if) keep state pass in on $ext_if proto tcp from any to ($ext_if) port { 25 80 443 } keep state pass out all keep state [/pf.conf] like i said, i need to allow local (and me, trusted) to anything, and anyone else just access to 25, 80 and 443. thanks for any critiques and ideas. -- Jonathan Horne http://dfwlpiki.dfwlp.org [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]