Hello,

Thanks for your answer. I've modified my rules as you suggested, but I
haven't made groups yet. Thus the new ruleset is:

# I don't want to filter outgoing packets
pass out quick all

# The incoming packets for dhcp, dns, ssh, mail, ftp, www
pass in quick on rl0 proto udp from any to any port = 68 keep state keep frags
pass in quick on rl0 proto udp from any to any port = 53 keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 53 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 25 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state keep frags
pass in quick on rl0 proto tcp from any to any port = 80 flags S keep state keep frags

# Some advanced stuff - will be set later
#block return-rst in log quick on rl0 proto tcp from any to any
#block return-icmp-as-dest(port-unr) in log quick on rl0 proto udp from any to any
#block in quick on rl0 all

# Allow everything for the loopback interface
pass in quick on lo0 all
pass out quick on lo0 all



I ran the ipf -Fa && ipf -f /etc/ipf.rules2 command (ipf.rules2 is this
ruleset) via ssh, but then my connection closed, and I was unable to
reconnect via ssh until flushing the rules and loading this ruleset:

pass in all
pass out all



Best wishes,

Gábor Kövesdán

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions