Re: pf states

2006-07-31 Thread Ivan Levchenko

Thanks a lot for the tips, will keep them in mind.

I have seen those states on port 53 for udp.

P.S. pf works like a charm. Just for the interest, I looked into
/etc/rc.firewall and I was just terrified by it. pf looks like a
breath of fresh air.

On 7/31/06, Darrin Chandler [EMAIL PROTECTED] wrote:

> On Sun, Jul 30, 2006 at 09:33:15PM +, Ivan Levchenko wrote:
> > Thanks, I have some knowledge of these things (at least I have been
> > reading the man pages for pf and altq, and the OpenBSD pf FAQ =) ..
> >
> > like always ... there is still more reading ahead.
> >
> > thanks.
>
> The thing that I forgot to mention is that pf tries to keep state for
> udp and icmp, even though these are not strictly stateful protocols. So
> there are state entries that you will not find any information about
> if you go read about icmp or udp.
>
> For instance, if you have a default block in rule, but a pass out
> icmp keep state and you send out a ping (icmp echo-request) then pf
> will create a state waiting for the echo reply and let it in. The same
> goes for udp, which is often seen on port 53 for DNS.
>
> It's good that you want to know what is going on and are learning. Too
> many people do not.
>
> --
> Darrin Chandler|  Phoenix BSD Users Group
> [EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
> http://www.stilyagin.com/  |




--

Best Regards,

Ivan Levchenko
Manager of Programming department
[EMAIL PROTECTED]
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


pf states

2006-07-30 Thread Ivan Levchenko

Hello all,

Have a little question to which Google didn't help a lot.

I have pf firewall working great. I installed pftop to see what's going
on in real time. I see some state meanings that I would like to know
more about, for example no_traffic.

I looked in the man pages and what not, but could not find what I was
looking for.

Thanks in advance.

Ivan


Re: pf states

2006-07-30 Thread Darrin Chandler

On Sun, Jul 30, 2006 at 08:53:48PM +, Ivan Levchenko wrote:
>
> Have a little question to which Google didn't help a lot.
>
> I have pf firewall working great. I installed pftop to see what's going
> on in real time. I see some state meanings that I would like to know
> more about, for example no_traffic.
>
> I looked in the man pages and what not, but could not find what I was
> looking for.

Pftop assumes you have some knowledge of pf. Pf assumes you have some
knowledge of networking. I think you are right that there's nowhere that
really explains what these states are in relation to pf.

The STATE column in pftop (or pfctl -s state) has two sides, one for
each endpoint. The state SINGLE:NO_TRAFFIC is something I see a lot
using symon/symux, where a udp datagram is sent and there is no reply
(it's merely accepted). You will also see a lot of
ESTABLISHED:ESTABLISHED and FIN_WAIT_2:FIN_WAIT_2 states. Most of these
are not really specific to pf, and will be documented in various
references online and in books. Most of the states you will see have to
do with TCP connections being built, or as established, or being torn
down. Google for Transmission Control Protocol and you should find what
you're looking for (and WAY more).

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
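
The two-sided STATE column described in the reply above, as an added example that is not part of the original thread: a short Python parser that splits each state into its two sides and lists UDP states where one side shows NO_TRAFFIC. The sample lines are constructed, modelled on `pfctl -s state` output with documentation addresses, and the function names are this example's own.

```python
"""Summarise the STATE column of `pfctl -s state` output (added example)."""
from collections import Counter

# Constructed sample lines, modelled on `pfctl -s state` output.
# Addresses are documentation ranges, not values from the thread.
SAMPLE = """\
self tcp 192.0.2.10:22 <- 198.51.100.7:51544       ESTABLISHED:ESTABLISHED
self tcp 192.0.2.10:40112 -> 203.0.113.5:80       FIN_WAIT_2:FIN_WAIT_2
self udp 192.0.2.10:2100 -> 192.0.2.20:2100       SINGLE:NO_TRAFFIC
self udp 192.0.2.10:61022 -> 192.0.2.53:53       MULTIPLE:SINGLE
self udp 192.0.2.10:61023 -> 192.0.2.53:53       SINGLE:NO_TRAFFIC
"""


def parse_state_line(line):
    """Split one state line into a dict, or return None if it does not fit."""
    fields = line.split()
    # Minimum shape: iface proto addr direction addr STATE
    if len(fields) < 6 or ":" not in fields[-1]:
        return None
    # The STATE column has two sides, one per endpoint.
    left, right = fields[-1].split(":", 1)
    return {
        "iface": fields[0],
        "proto": fields[1],
        "endpoints": " ".join(fields[2:-1]),
        "left": left,
        "right": right,
    }


def summarise(text):
    """Count states per (proto, left, right) and collect unanswered UDP."""
    counts = Counter()
    unanswered = []
    for line in text.splitlines():
        entry = parse_state_line(line)
        if entry is None:
            continue  # skip blank lines and anything that is not a state
        counts[(entry["proto"], entry["left"], entry["right"])] += 1
        # A UDP state with NO_TRAFFIC on one side: datagram sent, no reply.
        if entry["proto"] == "udp" and "NO_TRAFFIC" in (entry["left"], entry["right"]):
            unanswered.append(entry["endpoints"])
    return counts, unanswered


if __name__ == "__main__":
    counts, unanswered = summarise(SAMPLE)
    for (proto, left, right), n in sorted(counts.items()):
        print(f"{n:3d}  {proto:4s} {left}:{right}")
    print("udp states with no reply seen:", *unanswered, sep="\n    ")
```

On a live system the same functions can be fed the text captured from `pfctl -s state` instead of `SAMPLE`.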