Re: I'm new with pf

2007-05-31 Thread Matthias Fechner
Hello Jonathan,

* Jonathan Horne [EMAIL PROTECTED] [30-05-07 19:19]:
> like I said, I need to allow local (and me, trusted) to anything, and anyone
> else just access to 25, 80 and 443. Thanks for any critiques and ideas.

You can try security/fwbuilder, a nice tool to build firewalls and
administrate them. It can compile the rules for several systems,
including pf.

Best regards,
Matthias

-- 

Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning. --
Rich Cook
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: I'm new with pf

2007-05-31 Thread Ghirai
Hello Jonathan,

Thursday, May 31, 2007, 3:19:26 AM, you wrote:

> I have a client who has a simple Linksys router, with ports 22, 25, 80, 443
> forwarded to a FreeBSD server I built for his small business. 25, 80 and 443
> are obviously public services, but I'd like to limit access to 22 to the
> trusted internal network, and my block of IPs I would be connecting from at
> my site. Along with regulating port 22, I also need all other ports to work
> properly, since Samba is installed, and I don't want to mess with picking and
> choosing what ports will be in this config. I just need to limit access to
> port 22.

[snip]

There's a very nice document here: http://www.openbsd.org/faq/pf/

-- 
Best regards,
Ghirai.



I'm new with pf

2007-05-30 Thread Jonathan Horne
I have a client who has a simple Linksys router, with ports 22, 25, 80, 443
forwarded to a FreeBSD server I built for his small business. 25, 80 and 443
are obviously public services, but I'd like to limit access to 22 to the
trusted internal network, and my block of IPs I would be connecting from at
my site. Along with regulating port 22, I also need all other ports to work
properly, since Samba is installed, and I don't want to mess with picking and
choosing what ports will be in this config. I just need to limit access to
port 22.

Does something like this look acceptable if the above is my goal?

[pf.conf]
# definitions
ext_if=fxp0
client=192.168.1.0/24
mynet=[outsideips]/29

# trusted sources: the client's LAN plus my own /29
table <trusted> { $client $mynet }

# rules start here
scrub in
block in all
pass quick on lo
antispoof quick for lo

# trusted hosts may reach the server on any port (22, Samba, ...)
pass in on $ext_if from <trusted> to ($ext_if) keep state
# everyone else only gets the public services
pass in on $ext_if proto tcp from any to ($ext_if) port { 25 80 443 } keep state

pass out all keep state
[/pf.conf]

Like I said, I need to allow local (and me, trusted) to anything, and anyone
else just access to 25, 80 and 443. Thanks for any critiques and ideas.
-- 
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]
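As an added illustration (not part of the thread), the following Python model walks Jonathan's inbound rules the way pf does, with the last matching rule deciding unless a matching rule carries "quick", so the intended policy can be checked against sample packets before loading the file. It assumes fxp0 has the address 192.168.1.10 and uses the documentation range 203.0.113.8/29 as a constructed stand-in for the "[outsideips]/29" block; state, scrub and antispoof are not modelled.

```python
# Simplified model of pf's inbound rule evaluation: the last matching rule
# wins unless a matching rule says "quick". Illustration only, not pf itself.
import ipaddress
from dataclasses import dataclass, field

EXT_IF = "fxp0"
EXT_IF_ADDR = ipaddress.ip_address("192.168.1.10")   # assumed address of fxp0
# Constructed stand-in for the poster's "[outsideips]/29" (RFC 5737 range).
TRUSTED = [ipaddress.ip_network("192.168.1.0/24"),
           ipaddress.ip_network("203.0.113.8/29")]

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    quick: bool = False         # stop evaluating once this rule matches
    iface: str = ""             # "" matches any interface
    src: list = field(default_factory=list)   # [] = any source
    to_ext_if: bool = False     # True models "to ($ext_if)"
    ports: set = field(default_factory=set)   # empty = any destination port

def matches(r, iface, src, dst, dport):
    if r.iface and r.iface != iface:
        return False
    if r.src and not any(ipaddress.ip_address(src) in n for n in r.src):
        return False
    # ($ext_if) expands to the interface's own addresses only, so a packet
    # sent to the subnet broadcast address does not match it.
    if r.to_ext_if and ipaddress.ip_address(dst) != EXT_IF_ADDR:
        return False
    if r.ports and dport not in r.ports:
        return False
    return True

def evaluate(rules, iface, src, dst, dport):
    decision = "pass"   # pf's implicit default when no rule matches
    for r in rules:
        if matches(r, iface, src, dst, dport):
            decision = r.action
            if r.quick:
                break
    return decision

RULESET = [                                   # the inbound rules from the post
    Rule("block"),                            # block in all
    Rule("pass", quick=True, iface="lo0"),    # pass quick on lo
    Rule("pass", iface=EXT_IF, src=TRUSTED, to_ext_if=True),   # from <trusted>
    Rule("pass", iface=EXT_IF, to_ext_if=True, ports={25, 80, 443}),
]

def check(src, dport, dst=str(EXT_IF_ADDR), iface=EXT_IF):
    return evaluate(RULESET, iface, src, dst, dport)
```

Running the checks shows SSH is reachable only from the trusted table while 25/80/443 stay open to everyone; it also shows that NetBIOS broadcasts from the LAN to 192.168.1.255 are not covered by "to ($ext_if)", which matters if Samba name resolution relies on them.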