Re: pf problem, block .. os Linux
Thanks Nico,
I actually got some 'off-list' help and got it working. Most likely it was a 3.4 /etc/pf.os file that I managed to get into my 3.6 system when I copied my rules and table files. (I can swear I made a diff and the file was ok.. but I screwed up somehow.)
Now it's working again, keeping the evil penguins away :)
(hey, wouldn't that be cool for a poster?)
Cheers,
/Joakim
* Nico Meijer (lists@familiemeijer.org) wrote:
> Hi Joakim,
>
> Hadn't gotten around to fiddling with this myself before, hence my reply
> coming in late.
>
> > block drop in log quick on $ext_if proto { tcp, udp } from any os
> > Linux to any port ssh
>
> Since I have only one interface in the machine I am testing this on, my
> rule is as follows:
> block in log proto tcp from any os Linux to ($ext_if) port ssh
>
> The Linux machines I do need to be able to connect to this box are
> allowed just below:
> pass in proto tcp from $linuxssh to ($ext_if) port ssh modulate state
>
> These two lines are the last two in my (simple) setup. Perhaps you can
> debug your firewall by starting from scratch, enabling one rule at a
> time and analyzing what happens.
>
> Good luck... Nico
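Since the root cause above was a stale /etc/pf.os file, here is an added check (example code written for this page, not something either poster or the pf project ships) that parses pf.os records in the nine-field layout documented in pf.os(5) and reports which `os ...` specs in a pf.conf fragment can never match any loaded fingerprint. The sample fingerprint lines and the pf.conf fragment are constructed to resemble the rules quoted in the thread.

```python
import re

# pf.os(5) fingerprint record, colon separated, nine fields:
# window:ttl:df:synsize:options:class:version:subtype:details
FIELDS = ("window", "ttl", "df", "size", "options",
          "cls", "version", "subtype", "details")

# Constructed sample in pf.os format (not copied from a real pf.os file).
SAMPLE_PF_OS = """\
# window:ttl:df:size:options:class:version:subtype:details
S4:64:1:60:M*,S,T,N,W0:Linux:2.4::Linux 2.4/2.6
S4:64:1:44:M*:Linux:2.0::Linux 2.0.3x
16384:64:1:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:3.x::OpenBSD 3.x
this line is not a fingerprint
"""

# Constructed pf.conf fragment modelled on the rules quoted in the thread.
SAMPLE_PF_CONF = """\
block in log proto tcp from any os Linux to ($ext_if) port ssh
pass in proto tcp from $linuxssh to ($ext_if) port ssh modulate state
block in log proto tcp from any os OpenBSD:2.x to ($ext_if) port ssh
"""

def parse_pf_os(text):
    """Return (fingerprints, bad_lines); comments and blank lines are skipped
    and records with the wrong field count are reported rather than guessed."""
    fps, bad = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            bad.append((lineno, raw))
            continue
        fps.append(dict(zip(FIELDS, parts)))
    return fps, bad

OS_SPEC = re.compile(r'\bos\s+(?:"([^"]+)"|(\S+))')

def os_specs(conf_text):
    """Collect the operand of every 'os ...' keyword in a pf.conf fragment."""
    return [a or b for a, b in OS_SPEC.findall(conf_text)]

def spec_matches(spec, fp):
    """'Linux' matches on class only; 'Linux:2.4' also requires the version;
    a third component also requires the subtype (pf.conf(5) os syntax)."""
    have = (fp["cls"], fp["version"], fp["subtype"])
    return all(w == h for w, h in zip(spec.split(":"), have))

def check_conf(conf_text, pf_os_text):
    """Map each os spec in the rules to the number of fingerprints it can hit;
    a zero means that rule can never match with this pf.os file loaded."""
    fps, _ = parse_pf_os(pf_os_text)
    return {s: sum(spec_matches(s, fp) for fp in fps) for s in os_specs(conf_text)}
```

Run it against the real /etc/pf.conf and /etc/pf.os to see at once whether a rule like the one quoted above is silently pointing at a class the loaded fingerprint file does not define.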