Re: WAN load balance with PF

2012-11-20 Thread Jon Radel
Yes, use a switch that handles vlans and make use of them. --Jon Radel j...@radel.com Sent from my iPad On Nov 20, 2012, at 2:15, Hooman Fazaeli hoomanfaza...@gmail.com wrote: With a topology like: - ADSL 1 LAN PF Box - Switch

Re: update rules

2011-05-06 Thread Jon Radel
website, in particular something like http://openbsd.org/faq/pf/index.html and then ask follow-up questions on the appropriate OpenBSD mailing list. --Jon Radel j...@radel.com ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman

Re: For better security: always block all or block in all is enough?

2010-07-28 Thread Jon Radel
, if the firewall is on the server in question, rather than being another piece of equipment, anybody who has root can rearrange your firewall for you -- --Jon Radel j...@radel.com

Re: Question about numbers of connections

2009-05-13 Thread Jon Radel
but mainly just because rather than to solve any particular issue. Without knowing more about the traffic to be put across the machine, about the only real answer is: Try it and see what happens. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature

OT Spam technology was: Re: The Military, Industrial Complex is no more -- The Hidden Massive Racial Discrimination in America against Whites

2009-01-30 Thread Jon Radel
Ivan Petrushev wrote: So there is not spam protection or whatever installed on the software servicing the mail list? Abuse control? User registration approval? On Fri, Jan 30, 2009 at 8:46 AM, Jon Radel j...@radel.com wrote: Ivan Petrushev wrote: Excuse me, why such a spam comes

Re: basic rule request - allow_all/block_bad

2009-01-21 Thread Jon Radel
get that running, I'd suggest you start making things fancier with Miroslav's recommendation about using a table, putting in scrub with some of the less aggressive options, protecting yourself from packets with spoofed addresses, etc., etc. --Jon Radel

Re: PF syntax error

2008-10-15 Thread Jon Radel
with FreeBSD 7.0 Actually, it is, as is flags S/SA on TCP connections. Those defaults came in with the PF from OpenBSD 4.1, which is what is used in FreeBSD 7.0. --Jon Radel

Re: PF syntax error

2008-10-15 Thread Jon Radel
character? You're trying to split a single line into two, and that has to be done just so. --Jon Radel

Re: keeping state on outgoing connections fails (?)

2008-09-03 Thread Jon Radel
Guido van Rooij wrote: On Wed, Sep 03, 2008 at 08:42:52AM -0400, Jon Radel wrote: Guido van Rooij wrote: Setup: FreeBSD 6.3 system with 2 interfaces: ep0 and bge0. ep0: 1.2.3.4/24 bge0: 10.0.0.1/24 ruleset (made as simple as possible): pass in quick on ep0 inet from 1.2.3.1 to 10.0.0.2

Re: keeping state on outgoing connections fails (?)

2008-09-03 Thread Jon Radel
. Then the packet should be sent out via ep0, but it is blocked, as pflogd shows: And does the problem go away when you put a keep state at the end of line 1? --Jon Radel

Re: keeping state on outgoing connections fails (?)

2008-09-03 Thread Jon Radel
Guido van Rooij wrote: On Wed, Sep 03, 2008 at 09:25:12AM -0400, Jon Radel wrote: I did test the following ruleset: pass in quick on ep0 inet from 1.2.3.1 to 10.0.0.2 keep state block drop out log quick on ep0 all pass out quick on bge0 inet proto tcp from 1.2.3.1 to 10.0.0.2

Re: keeping state on outgoing connections fails (?)

2008-09-03 Thread Jon Radel
Guido van Rooij wrote: On Wed, Sep 03, 2008 at 10:13:08AM -0400, Jon Radel wrote: And why is that so? This basically rules out keep state on outgoing packets on any router-type system. That seems like an unnecessary limitation. What? If you want state, turn it on: block all pass in on ep0

Re: keeping state on outgoing connections fails (?)

2008-09-03 Thread Jon Radel
direction with respect to the router on bge0 and the other direction on ep0, so you'd need separate state entries no matter what you've done with if-bound. --Jon Radel
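The two-interface router in this thread, written out as a complete stateful pf.conf. This is an added example, not a ruleset posted by anyone in the thread: the interface names and addresses (ep0 = 1.2.3.4/24, bge0 = 10.0.0.1/24, host 1.2.3.1 talking to 10.0.0.2) come from the messages above; the macro names, the choice of TCP, the loopback skip and the explicit keep state / flags S/SA are assumptions chosen so the file also works on pre-OpenBSD-4.1 PF (FreeBSD 6.x), where those are not yet defaults.

```pf
# Added example (not from the thread): minimal stateful ruleset for a
# router with two filtered interfaces. Addresses and interface names are
# taken from the thread; everything else is an assumption for illustration.
ext_if = "ep0"     # 1.2.3.4/24, faces 1.2.3.1
int_if = "bge0"    # 10.0.0.1/24, faces 10.0.0.2

set skip on lo0

# Default deny, both directions, every interface.
block all

# Forward path. One packet from 1.2.3.1 crosses the router twice: "in" on
# ep0 and "out" on bge0. Each interface/direction it crosses needs its own
# pass rule, and with keep state each of those rules creates its own
# state entry; a single state on ep0 does not cover the bge0 side.
# flags S/SA restricts state creation to the initial SYN.
pass in  quick on $ext_if inet proto tcp from 1.2.3.1 to 10.0.0.2 \
        flags S/SA keep state
pass out quick on $int_if inet proto tcp from 1.2.3.1 to 10.0.0.2 \
        flags S/SA keep state

# Reply path needs no rules of its own: the packet from 10.0.0.2 arrives
# "in" on bge0 and leaves "out" on ep0, matching the two states above.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and after a connection has been opened `pfctl -ss` should show two entries for it, one per interface, which is the "separate state entries" point made above. If only the ep0 rule carries keep state, the bge0 side has nothing to match the reply and the default block applies.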

Re: UDP weirdness

2008-05-07 Thread Jon Radel
looked at has been silent on whether the default pass rule is expected to establish state (for versions of PF recent enough), and I'm not quite curious enough to build a testbed right now. If anyone knows the answer to this one, please do share. :-) --Jon Radel