Hi,
Any idea for denying connection initiation to the outside from any web server
protected by PF? (I want to block Trojans and reverse connections while
incoming HTTP traffic is allowed).
Regards,
Hassan H. Monfared
block all
Permit inbound port 80, but do not permit new outbound connections.
Consider each interface a separate firewall, with separate flows
entirely, then use policy enforcement (see tagging:
http://cvs.openbsd.org/faq/pf/tagging.html) to ensure only properly
tagged packets are passed out from
On Mon, 26 Sep 2011 09:48:20 +0330
Hassan Monfared hmonfa...@gmail.com wrote:
Hi,
Any idea for denying connection initiation to the outside from any web
server protected by PF? (I want to block Trojans and reverse connections
while incoming HTTP traffic is allowed).
block all
pass in on $if from
Thank you,
Is it right to block connection initiation from inside using a rule something
like:
block in on $if flags S/SA
Am I right?
Regards,
Hassan H. Monfared
On Mon, Sep 26, 2011 at 10:18 AM, Gregory Edigarov
g...@bestnet.kharkov.ua wrote:
On Mon, 26 Sep 2011 09:48:20 +0330
Hassan Monfared
If your firewall is on the same machine as the webserver, you can safely
use the ruleset I wrote.
If not, you should have block in on $intif
On Mon, 26 Sep 2011 10:40:09 +0330
Hassan Monfared hmonfa...@gmail.com wrote:
Thank you,
Is it right to block connection initiation from inside using
Hi again,
All 6 webservers are behind the FW.
Doesn't the block in on $intif rule block TCP handshaking? I mean the ACK
message must be passed on $intif, mustn't it?
Regards,
Hassan H. Monfared
On Mon, Sep 26, 2011 at 11:21 AM, Gregory Edigarov
g...@bestnet.kharkov.ua wrote:
If your firewall is on the
Why can't you read how stateful filtration works? You'd be much
better off with the full explanation of the TCP handshake process, and how
a stateful firewall fits into the picture.
On Mon, 26 Sep 2011 11:26:54 +0330
Hassan Monfared hmonfa...@gmail.com wrote:
Hi again,
all 6 webservers are
Thanks for the clear answer!
I'd already read it.
Not a bad idea to refer every question on the list to the manuals and books or
man pages, huh?
On Mon, Sep 26, 2011 at 11:35 AM, Gregory Edigarov
g...@bestnet.kharkov.ua wrote:
Why can't you read how stateful filtration works? You'd be much
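As an added example to tie the thread together (my own ruleset, not one posted by Gregory or Hassan): a pf.conf fragment for web servers behind a two-interface OpenBSD firewall that accepts inbound HTTP and blocks every connection the servers try to initiate, using the per-interface tagging approach Gregory points to. Interface names, addresses and the tag name are assumed; the stateful-filtering point is that the state created by the inbound pass rule, not a separate rule, is what lets the SYN-ACK and later ACKs of an accepted connection cross $int_if and leave on $ext_if.

```pf
# Assumed interface names, addresses and tag (not from the thread).
ext_if = "sis0"
int_if = "sis1"
web_servers = "{ 10.100.1.10, 10.100.1.11, 10.100.1.12 }"
web_tag = "WEB_IN"

# Treat each interface as its own firewall: a state only matches on the
# interface it was created on. Floating states (the default) would also
# work, but if-bound makes the per-interface policy explicit.
set state-policy if-bound
set skip on lo

# Default deny in both directions on every interface. A SYN sent by a
# web server (reverse shell, trojan callback) enters on $int_if, matches
# no state and no pass rule, and is dropped here.
block log all

# Inbound HTTP from the Internet. Only a SYN (flags S/SA) creates the
# state on $ext_if; the state carries the tag, and the SYN-ACK plus every
# later packet of the same connection matches it in both directions.
pass in on $ext_if inet proto tcp from any to $web_servers port 80 \
    flags S/SA keep state tag $web_tag

# Forwarding that connection towards the servers creates a second state
# on $int_if. Only packets tagged by the rule above qualify, so nothing
# else can be forwarded out of $int_if.
pass out on $int_if inet proto tcp from any to $web_servers port 80 \
    tagged $web_tag keep state

# Replies from the servers (SYN-ACK, ACK, data) enter on $int_if and match
# the $int_if state, then leave on $ext_if and match the $ext_if state:
# no "pass in on $int_if" rule is needed for the handshake.

# There is deliberately no rule passing new connections in on $int_if.
# Anything the servers legitimately need (DNS, NTP, package mirrors)
# should get its own narrow "pass in on $int_if ... to <host> port <n>"
# rule plus the matching "pass out on $ext_if" rule, never a blanket
# pass on $int_if.
```

Load it with pfctl -nf /etc/pf.conf first to syntax-check, then watch pflog for the logged outbound SYNs to confirm the servers' callouts are the ones being dropped.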
Hi,
I use an appliance with OpenBSD 4.9; there are 3 network
ports (sis0-2) and a wifi port (ral0):
sis0: egress (internet)
sis1, sis2, ral0: lan
I configure a hostname.trunk0:
trunkport sis2 trunkport sis1 trunkport ral0 trunkproto loadbalance inet 10.100.1.50 255.255.255.0
hostname.sis1,
Actually I'm way more optimistic about OEM motherboard manufacturers than
PC companies.
The weak spot will in fact be laptops and other portable equipment, as these
are all proprietary designs.
Considering that laptop sales have outdone those of standard fixed PCs for
years, the ecosystem,
You want bridge(4), not trunk(4).
On 2011-09-26, Wesley M. open...@e-solutions.re wrote:
Hi,
I use an appliance with OpenBSD 4.9; there are 3 network
ports (sis0-2) and a wifi port (ral0):
sis0: egress (internet)
sis1, sis2, ral0: lan
I configure a hostname.trunk0: trunkport sis2
On Mon, Sep 26, 2011 at 10:16 AM, Hassan Monfared hmonfa...@gmail.com
wrote:
Thanks for the clear answer!
I'd already read it.
Not a bad idea to refer every question on the list to the manuals and books
or man pages, huh?
Because nearly 95% or more was already answered in them? ;-) This is not
On Mon, Sep 26, 2011 at 11:09 AM, Paolo Aglialoro paol...@gmail.com wrote:
Actually I'm way more optimistic about OEM motherboard manufacturers than
PC companies.
The weak spot will in fact be laptops and other portable equipment, as these
are all proprietary designs.
There's a new article
Finally I agree ;). But referring to the right document is not a bad idea ;).
I do it myself if I can. :)
Objective, not subjective ;)
Regards,
On Mon, Sep 26, 2011 at 1:23 PM, Tomas Bodzar tomas.bod...@gmail.com wrote:
On Mon, Sep 26, 2011 at 10:16 AM, Hassan Monfared hmonfa...@gmail.com
On Monday, 26.09.2011, 11:09 +0200, Paolo Aglialoro wrote:
Actually I'm way more optimistic about OEM motherboard manufacturers than
PC companies.
The weak spot will in fact be laptops and other portable equipment, as these
are all proprietary designs.
Considering that laptop sales
Dear customer,
We are writing to inform you that your BBVA Net operations key has not
been changed and expired on 19/09/2011. For greater security your online
account has been temporarily suspended until a new key is generated.
In order to resolve this
I have been playing around a little with the npppd daemon, having set up an
L2TP server for test and learning purposes. The connection runs in
an IPsec tunnel and it works great and runs very fine when used on a
local network.
But I'm having problems when it comes to NAT.
This is my setup:
I am glad to tell you that we have already completed 80% of the financing
for the production of the video game for iPhone, iPad, Android, PC and Mac
that I have mentioned to you on a couple of occasions.
We will close entry to new partners this coming Friday at 14:00 peninsular
time, unless it is completed
I think you have to enable NAT Traversal in your ipsec.conf file. Check the
man page on that one. You could try this but I am not sure it will work.
ike passive from any (public-ip) to any ..
On 26 September 2011, 19:50, Gonzalo L. R. gonz...@x61.com.ar wrote:
Maybe you can use trunk(4)
so, I need this:
# ifconfig trunk0 trunkproto loadbalance trunkport fxp0 trunkport fxp1 \
trunkport fxp2 trunkport fxp3 \
192.168.1.1 netmask 255.255.255.0
and
One week and a half since my last mail without any answer :(
Two weeks and a half since I first asked some questions about this
problem, also without any answer. :(
Here is a little part of the pf FAQ.
Link: http://openbsd.org/faq/pf/filter.html#state
... if a packet passing through the firewall belongs to
On 2011-09-26, Michel Blais mic...@targointernet.com wrote:
So it really looks like a bug. When I erase the state with
pfctl -k x.x.x.x
it should go through the ruleset again but doesn't do it for a current
transfer like a current download.
This only erases the state in one direction.. try:
pfctl -k
If so, drop me a line.
Jeff Ross
Dear sir,
We are the manufacturer of chain hoists and electric hoists in China. Our main
products are HSZ/HSC/VT chain hoists, VT lever blocks, CD1/MD1/BCD electric
wire-rope hoists and DHL/HHB electric chain hoists, and crane scales
9512851
We have CE certificate for our hoist and they are sold
I have made the switch to smtpd, and I am thrilled with its ease of use
and ease of management in comparison to sendmail.
I also run a small moderated mailing list, and am looking for a replacement
for mail/majordomo that will integrate with smtpd. Majordomo requires both
Commands and Include
Is it possible to use npppd as an L2TP client or in a configuration where both
vpn endpoints are OpenBSD based? Thank you in advance.