Re: PF failing to block?
On Mon, Feb 18, 2002 at 03:15:52PM -0500, Blair Heiserman wrote:
> I'm having some serious problems with PF. It doesn't seem to be filtering
> everything appropriately. Specifically it seems to let browsers get through
> to any port. I've been able to access addresses other than my web server,
> and on non-conventional ports. When I try this with command-line utilities,
> I am typically blocked. But browsers seem to get through. This is obviously
> a big security problem. I have included most of my pf configuration file,
> and a piece of the pflog which at least theoretically shows it being
> blocked. However it still gets through despite what the pflog shows. I was
> hoping that someone can point out a flaw in my config file.
You didn't quote a tcpdump of a packet that's supposed to be blocked but
was passed. I suggest you add 'log' to all of your rules and reproduce
the behavior. Then check the log for the packets that you don't expect
to be passed and see which rule is responsible. Without the full rule
set, and without a captured packet, it's hard to tell where the problem
is (could be one of the macros whose definition you didn't quote, for
instance).
Daniel
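The triage Daniel suggests (log every rule, reproduce, then find which rule passed the unexpected packet), as an added example that is not part of the thread. It assumes a constructed pflog sample in the approximate `tcpdump -n -e -r /var/log/pflog` line format, and a hypothetical allowed-port list of 80 and 443 for the web server.

```sh
#!/bin/sh
# On the firewall, add 'log' to every rule, e.g.
#   pass in log on fxp0 proto tcp from any to $webserver port 80
#   block in log on fxp0 all
# then read the log with:  tcpdump -n -e -r /var/log/pflog
# The lines below are a CONSTRUCTED sample of that output; the exact
# format varies between OpenBSD versions, so adjust the field offsets if needed.
SAMPLE_PFLOG='15:10:12.000001 rule 2/0(match): pass in on fxp0: 10.0.0.5.1034 > 192.168.1.10.80: S 1:1(0) win 16384
15:10:13.000002 rule 6/0(match): block in on fxp0: 10.0.0.5.1035 > 192.168.1.10.23: S 2:2(0) win 16384
15:10:14.000003 rule 4/0(match): pass in on fxp0: 10.0.0.5.1036 > 192.168.1.10.8080: S 3:3(0) win 16384
15:10:15.000004 rule 4/0(match): pass in on fxp0: 10.0.0.5.1037 > 192.168.1.10.443: S 4:4(0) win 16384
15:10:16.000005 rule 0/0(match): pass out on fxp0: 192.168.1.10.80 > 10.0.0.5.1034: S 5:5(0) ack 2 win 16384'

# unexpected_passes "PORT PORT ..."
# Prints "rule <n> passed <src> > <dst>" for every INBOUND packet that pf
# passed to a destination port not in the space-separated allowed list.
# The rule number is what you then look up (pfctl -vvsr) to find the
# over-broad rule or macro.
unexpected_passes() {
    printf '%s\n' "$SAMPLE_PFLOG" | awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        # locate the "rule" keyword so leading timestamp fields do not matter
        for (i = 1; i <= NF; i++) if ($i == "rule") break
        if (i > NF) next
        id = $(i+1); act = $(i+2); dir = $(i+3); src = $(i+6); dst = $(i+8)
        if (act != "pass" || dir != "in") next
        sub(/\/.*/, "", id)          # "4/0(match):" -> "4"
        sub(/:$/, "", dst)           # strip trailing colon from destination
        port = dst; sub(/.*\./, "", port)   # last dotted component is the port
        if (!(port in ok))
            printf "rule %s passed %s > %s\n", id, src, dst
    }'
}

unexpected_passes "80 443"
```

Each reported rule number maps to a rule in the loaded set, which is exactly the missing piece in the original report: the rule that matched, not just a block entry that fired on some other packet.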