On Wed, Dec 13, 2006 at 06:31:10PM +0100, Daniel Hartmeier wrote:
> > pass in on $first-nic proto tcp from IP-A to IP-B port 22 keep state
>
> The point of this is that you can control _which_ interface(s) a
> connection must flow through, instead of granting a permission to pass
> any and all
On 13/12/2006 at 18:31:10+0100, Daniel Hartmeier wrote
> On Wed, Dec 13, 2006 at 05:52:03PM +0100, Albert Shih wrote:
>
> > It's a problem with FreeBSD or it's with pf ?
>
> With neither, you're assuming a state entry has the same effect in pf as
> in ipfw, which is not the case.
>
> > For exam
On Dec 13, 2006, at 11:19 PM, Daniel Hartmeier wrote:
On Wed, Dec 13, 2006 at 04:10:44PM -0800, Michael K. Smith - Adhost
wrote:
Hummm I'm not sure the term is (IMHO) used by CISCO
ACL,
and it's mean all IP packet is a response from inside.
Ah, so it's not really stateful filtering (w
Hello All:
> > ipfw add permit any to any established.
>
> The pf counterpart would be
>
> pass from any to any keep state
>
> i.e. leaving out the 'on $if' part makes the rule apply to all
> interfaces, and leaving out the 'out' or 'in' direction makes it apply
> to both directions.
Hum
On Wed, Dec 13, 2006 at 04:10:44PM -0800, Michael K. Smith - Adhost wrote:
> Hummm I'm not sure the term is (IMHO) used by CISCO
> ACL,
> and it's mean all IP packet is a response from inside.
Ah, so it's not really stateful filtering (where the firewall keeps
track of which connections have
On 13/12/2006 at 18:31:10+0100, Daniel Hartmeier wrote
> On Wed, Dec 13, 2006 at 05:52:03PM +0100, Albert Shih wrote:
Thanks for your answer
>
> > It's a problem with FreeBSD or it's with pf ?
>
> With neither, you're assuming a state entry has the same effect in pf as
> in ipfw, which is not t
On Wed, Dec 13, 2006 at 05:52:03PM +0100, Albert Shih wrote:
> It's a problem with FreeBSD or it's with pf ?
With neither, you're assuming a state entry has the same effect in pf as
in ipfw, which is not the case.
> For example I've put this kind of rule
>
> pass in on $first-nic proto tc
Hi all
I've a very strange problem
I've a FreeBSD box running pf with 3 NIC, one on each different subnet (all
public), I'm using ipfw for making a router. I want to use pf now
I'm using the keep state option on all my rules but it seems not to be working.
With keep state option I've got a dynamic rule on pfc
On Fri, Apr 01, 2005 at 02:37:00AM +0800, Francis Vidal wrote:
> rdr on em0 inet proto tcp from any to any port www -> 127.0.0.1 port 3128
You probably need to use 'on gre0' here. On em0, the packets are still
encapsulated, and don't match the 'proto tcp' criterion.
pf never looks inside en
I just got a new server with FreeBSD 5.3 installed, tried to set up
PF, and am getting an error when I try to parse the file. I updated
to patch release 6, hoping that might solve things, but I still get
the error. Here's the error itself:
pfctl: ifa_load: pfi_get_ifaces: Bad file descriptor
I'
I've been using IPFilter + FreeBSD + WCCP + Squid for quite some time
now. I want to switch to pf but I can't seem to get it right. My
/etc/pf.conf looks like this:
rdr on em0 inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in all
pass out all
Squid was compiled with the option
On Friday 26 November 2004 19:05, Jonathan Weiss wrote:
> Hi Max,
>
> > You are supposed to have a NAT rule somewhere. Please let us know the
> > complete ruleset (including translation rules) and include match counters
> > so that people can figure if a certain rule is matched at all (pfctl -vv
>
On Friday 26 November 2004 14:58, Jonathan Weiss wrote:
> Hi folks,
>
>
> Since yesterday my PF firewall acts strange. I have not touched the ruleset
> and tried a new one only with pass-rules, but the problem is still there.
>
> I cannot "go" through the tunnel interface tun0 of ppp (I use DSL her
Hi Max,
>
> You are supposed to have a NAT rule somewhere. Please let us know the complete
> ruleset (including translation rules) and include match counters so that
> people can figure if a certain rule is matched at all (pfctl -vv -sn -sr).
This was my complete ruleset, as I switched from my d
Hi folks,
Since yesterday my PF firewall acts strange. I have not touched the ruleset
and tried a new one only with pass-rules, but the problem is still there.
I cannot "go" through the tunnel interface tun0 of ppp (I use DSL here in
Germany). Even a "pass on tun0" will not change anything.
#pf
15 matches