Thank you, yes, this is how I would like it. I modified it along the lines of your recommendation, but it still does not work for me.

/etc/pf.conf

table <blockedips> persist file "/etc/pf.blocked.ip.conf"
ext_if="em0" # interface connected to internet
block drop in log (all) quick on $ext_if from <blockedips> to any

table <mysqlwhite> persist file "/etc/pf.mysqlwhite.ip.conf"
block in log quick on $ext_if from ! <mysqlwhite> to any port 3306

Reloading pf rules.
/etc/pf.conf:6: port only applies to tcp/udp
/etc/pf.conf:6: skipping rule due to errors
/etc/pf.conf:6: rule expands to no valid combination

Frantisek

On Sun, 6 Jun 2021 at 10:18, schrodinger <[email protected]> wrote:

> Hi,
>
> In your case I would probably define an array/table with the allowed ips/subnets
> $MYSQLALLOWED and add a rule:
>
> block in log quick on $ext_if from ! $MYSQLALLOWED to ($MYIP) port 3306
>
> I am writing from my phone, not sitting at a PC, so check the syntax against man pf.conf ;)
>
> Marek
>
> On 6 Jun 2021, 9:54, Frantisek Hennel <[email protected]>
> wrote:
> >Hi,
> >
> >I would like to ask you for advice regarding the PF firewall,
> >since I have been studying the manuals since yesterday and have
> >not found anywhere a case similar to the one I am trying to set up.
> >
> >I need to block access to the mysql server (port 3306) so that
> >it is not exposed to the internet, and I would like to allow
> >this port only for specific IP addresses, or specific subnets.
> >I want to leave all other ports open as normal; I only want to
> >block this one port 3306 in this way.
> >
> >At present I use the PF firewall only for blocking unwanted
> >IP addresses, and my pf.conf looks as follows:
> >
> >table <blockedips> persist file "/etc/pf.blocked.ip.conf"
> >ext_if="em0" # interface connected to internet
> >block drop in log (all) quick on $ext_if from <blockedips> to any
> >
> >Please also point me in the right direction if the PF firewall
> >cannot be used for this purpose, although I definitely prefer
> >a solution using PF, since I have been using it for a long time.
> >
> >Thank you
> >
> >Frantisek
> >--
> >FreeBSD mailing list ([email protected])
> >http://www.freebsd.cz/listserv/listinfo/users-l
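
Added example, not part of the original thread: the ruleset from the message above with the rule that pfctl rejected shown beside a form it accepts. The `port` keyword is only valid once the rule names `proto tcp` or `proto udp`. The whitelist entries shown in the comments are constructed values from the documentation address ranges.

```pf
# /etc/pf.conf (added example; interface, table names and file paths
# are the ones used in the thread)
ext_if = "em0"    # interface connected to internet

table <blockedips> persist file "/etc/pf.blocked.ip.conf"
table <mysqlwhite> persist file "/etc/pf.mysqlwhite.ip.conf"

block drop in log (all) quick on $ext_if from <blockedips> to any

# Rejected by pfctl with "port only applies to tcp/udp": the rule names
# no protocol, so it would also have to match protocols without ports.
# block in log quick on $ext_if from ! <mysqlwhite> to any port 3306

# Accepted: MySQL listens on TCP, so the rule is limited to that protocol.
block in log quick on $ext_if proto tcp from ! <mysqlwhite> to any port 3306

# A table is negated as a whole. Negated entries inside a { } list instead
# expand into separate rules that each match "all but one" address
# (see pf.conf(5)), so the table is the safer form for a whitelist.
#
# /etc/pf.mysqlwhite.ip.conf holds one address or CIDR block per line,
# for example (constructed values):
#   192.0.2.10
#   198.51.100.0/24
#
# Parse the ruleset without loading it, then load it and list the table:
#   pfctl -nf /etc/pf.conf
#   pfctl -f /etc/pf.conf
#   pfctl -t mysqlwhite -T show
```

Because both block rules are `quick`, the first one that matches ends evaluation for that packet; everything else still falls through to pf's implicit pass, which keeps the other ports open as the original question asked.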
