Hi, I've been having a problem logging port 22
traffic. Here is some of my pf.conf file. Let me know
what you think. Thanks.
##
# Packet Filtering
##
# Rules for internal interfaces
##
# pass on unfiltered interfaces
pass quick on $unfiltered
# silently drop TCP non-SYN packets, the remaining
ruleset only deals with
# TCP SYNs, which always create state when passed. the
ruleset basically
# deals with 'connections', not packets, beyond this
point.
block return-rst quick inet proto tcp all flags /S
block return-rst quick inet proto tcp all flags A/A
# block everything by default
block
block return-rst inet proto tcp
block return-icmp inet proto udp
# Rules for external interface
##
# silently drop broadcasts
block in quick on $ext_if inet from any to {
255.255.255.255 }
# block incoming packets from reserved address space
and invalid
# addresses, they are either spoofed or misconfigured,
we can't reply to
# them anyway (hence, no return-rst).
block in quick on $ext_if inet from to
any
# block outgoing packets that don't have my address as
source, they are
# either spoofed or something is misconfigured (NAT
disabled, for instance),
# we want to be nice and not send out garbage.
block out quick on $ext_if inet from !$ext_if to any
# ICMP
# internal hosts can send icmp queries and accept echo
replies to external hosts
pass out on $ext_if inet proto icmp from $ext_if to
any \
icmp-type $icmp_types $icmp_options
# UDP
pass out on $ext_if inet proto udp from any to any \
$udp_options
pass in on $ext_if inet proto udp from any to $ext_if
\
port $udp_services $udp_options
# TCP
pass in log on $ext_if inet proto tcp from any to
$ext_if \
port 22 $tcp_options
pass out on $ext_if inet proto tcp from $ext_if to any
\
$tcp_options
pass in on $ext_if inet proto tcp from any to $ext_if
\
port $tcp_services $tcp_options
__
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
