Velka vdaka, moc ste mi pomohli. PF sice pouzivam na taketo jednoduche
blokovanie niekolko rokov, ale syntax zial nepoznam. Zial v manuali som
naozaj taketo zakladne priklady nenasiel. A pritom, toto sa da pouzivat
elegantne aj na SSH, takze cakal by som, ze takychto prikladov najdem na
internete
On 06/06/2021 12:10, Frantisek Hennel wrote:
Dakujem, ale ani toto mi nefunguje :-(. Rozsiril som svoje pravidla o tie
tvoje a toto je vysledok.
Reloading pf rules.
/etc/pf.conf:6: port only applies to tcp/udp
/etc/pf.conf:6: skipping rule due to errors
/etc/pf.conf:6: rule expands to no
Frantisek Hennel wrote on 06.06.2021 12:10:
table persist file "/etc/pf.mysqlwhite.ip.conf"
pass in quick on $ext_if from to any port 3306
block return in log (all) quick on $ext_if from any to any port 3306
Reloading pf rules.
/etc/pf.conf:6: port only applies to tcp/udp
/etc/pf.conf:7: port
Frantisek Hennel wrote:
>
> Dakujem za pomoc, ale nefunguje mi to.
>
> pass in quick on $ext_if from 10.1.1.0/24 to ($ext_if) port 3306
> /etc/pf.conf:4: port only applies to tcp/udp
Sorry, chýba tam "proto tcp”.
pass in quick on $ext_if proto tcp from 10.1.1.0/24 to ($ext_if) port 3306
block
Dakujem, ale ani toto mi nefunguje :-(. Rozsiril som svoje pravidla o tie
tvoje a toto je vysledok.
pf.conf
table persist file "/etc/pf.blocked.ip.conf"
ext_if="em0" # interface connected to internet
block drop in log (all) quick on $ext_if from to any
table persist file
Dakujem, ano takto by sa mi to pacilo. Upravil som to v zmysle tvojho
odporucania, ale stale mi to nefunguje.
/etc/pf.conf
table persist file "/etc/pf.blocked.ip.conf"
ext_if="em0" # interface connected to internet
block drop in log (all) quick on $ext_if from to any
table persist file
Dakujem za pomoc, ale nefunguje mi to.
table persist file "/etc/pf.blocked.ip.conf"
ext_if="em0" # interface connected to internet
block drop in log (all) quick on $ext_if from to any
pass in quick on $ext_if from 10.1.1.0/24 to ($ext_if) port 3306
block drop in log (all) quick on $ext_if from
Frantisek Hennel wrote on 06.06.2021 9:53:
Potreboval by som zablokovat pristup na mysql server (port
3306), aby nebol pristupny do internetu a povolit by som chcel
tento port iba pre konkretne IP adresy, pripadne konkretne
subnety.
table persist file "/etc/pf.blocked.ip.conf"
ext_if="em0"
Ahoj,
Ve tvym pripade bych si asi nadefinoval pole/tabulku s allowed ips/subnets
$MYSQLALLOWED a pridal pravidlo:
block in log quick on $ext_if from ! $MYSQLALLOWED to ($MYIP) port 3306
Pisu z mobilu, nesedim u pc, tak si tu syntaxi odkontroluj s man pf.conf ;)
Marek
6. 6. 2021 9:54, 9:54,
Frantisek Hennel wrote:
> Potreboval by som zablokovat pristup na mysql server (port
> 3306), aby nebol pristupny do internetu a povolit by som chcel
> tento port iba pre konkretne IP adresy, pripadne konkretne
> subnety. Vsetky ostatne porty chcem ponechat normalne
> otvorene, len ten jeden port
Ahoj,
chcel by som Vas poprosit o radu ohladne firewallu PF,
nakolko uz od vcera studujem manualy a podobny pripad,
ako sa snazim nastavit ja, som nikde nenasiel.
Potreboval by som zablokovat pristup na mysql server (port
3306), aby nebol pristupny do internetu a povolit by som chcel
tento port
11 matches
Mail list logo
