I have used OpenBSD/ipf for some time and am now starting to look at pf.

First question: I installed a test bed with 3.1, and the first thing that became apparent was that with ipf a statement like
"pass in on xl0 proto tcp/udp from any to [DNS_SERV] port = 53"
is enough for the domain service. However, a corresponding statement with pf
"pass in on xl0 inet proto { tcp, udp } from any to any port 53"
is not enough; I think I need to allow ports >1024 as well?

Second question: ftp. I have seen different examples on how to treat ftp connections and the ftp-proxy. We need to have both incoming active+passive ftp and outgoing passive and again I'm unsure of how to treat ports >1023 and 20.

Sorry if the above sounds uninformed but I really need someplace to start.

Thanks,
Per olof
