[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf problem, block .. os Linux

To: Joakim Aronius <joakim@aronius.com>
Subject: Re: pf problem, block .. os Linux
From: Nico Meijer <lists@familiemeijer.org>
Date: Tue, 8 Feb 2005 06:45:05 +0100
Cc: misc@openbsd.org
References: <20050201092459.GA16455@maya.i.aronius.com>

Hi Joakim,

Hadn't gotten around to fiddling with this myself before, hence my reply
coming in late.

> block drop in log quick on $ext_if proto { tcp, udp } from any os
> Linux to any port ssh 

Since I have only one interface in the machine I am testing this on, my
rule is as follows:
block in log proto tcp from any os Linux to ($ext_if) port ssh

The Linux machines I do need to be able to connect to this box are
allowed just below:
pass in proto tcp from $linuxssh to ($ext_if) port ssh modulate state

These two lines are the last two in my (simple) setup. Perhaps you can
debug your firewall by starting from scratch, enabling one rule at a
time and analyzing what happens.

Good luck... Nico

Follow-Ups:
- Re: pf problem, block .. os Linux
  - From: Joakim Aronius <joakim@aronius.com>

References:
- pf problem, block .. os Linux
  - From: Joakim Aronius <joakim@aronius.com>

Prev by Date: weekly locate.updatedb fails silently
Next by Date: Re: weekly locate.updatedb fails silently
Prev by thread: pf problem, block .. os Linux
Next by thread: Re: pf problem, block .. os Linux
Index(es):
- Date
- Thread