Re: pf rules

看板FB_security作者時間16年前 (2010/01/22 17:32), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串3/11 (看更多)
If I guess your idea right, you should specify direction like this: pass in proto udp to any port $udp "pass proto udp to any port $udp" passes traffic in any direction (ingoing and outgoing). 2010/1/22 kalin m <kalin@el.net>: > > > hi all... > > doing testing with pf... > > how is it possible that if i have these rules below in pf.conf if i do: > telnet that.host.org 25 > > i get: > Trying xx.xx.xx.xx... > Connected to that.host.org. > Escape character is '^]'. > ........... etc ....... > > > pf.conf contetns: > > tcp_in = "{ www, https }" > ftp_in = "{ ftp }" > udp = "{ domain, ntp }" > ping = "echoreq" > > set skip on lo > scrub in > > antispoof for eth0 inet > > block in all > pass out all keep state > pass proto udp to any port $udp > pass inet proto icmp all icmp-type $ping keep state > pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state > pass proto tcp to any port ssh > > > > thanks.... > > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 s4mmael. 的文章
文章代碼(AID): #1BMN2JnD (FB_security)
更多 s4mmael. 的文章
文章代碼(AID): #1BMN2JnD (FB_security)