Re: pf block question

2005-06-18 Thread Matt Rechkemmer
On Fri, Jun 10, 2005 at 09:33:50PM +0300, Giorgos Keramidas wrote: Existing icmp states? Did you reload the rules with: /etc/rc.d/pf reload or by directly running pfctl? I tried flushing everything with pfctl -Fa, and then loading the rules with pfctl -f /etc/pf.conf. The

Re: pf block question

2005-06-10 Thread Giorgos Keramidas
On 2005-06-09 13:48, Matt Rechkemmer [EMAIL PROTECTED] wrote: On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote: If you add quick to the `block from badhosts' rule, packets from these hosts will immediately be dropped -- which is what you probably want to do, if I have

Re: pf block question

2005-06-09 Thread Matt Rechkemmer
On Tue, Jun 07, 2005 at 01:50:30PM +0300, Giorgos Keramidas wrote: We'd have to see the entire ruleset and a tcpdump of traffic that passes through to know what's wrong. - Giorgos Here are the rules as taken from pfctl -sr. I can also provide a copy of pf.conf, if needed. The user's host

Re: pf block question

2005-06-09 Thread Giorgos Keramidas
On 2005-06-09 03:18, Matt Rechkemmer [EMAIL PROTECTED] wrote: On Tue, Jun 07, 2005 at 01:50:30PM +0300, Giorgos Keramidas wrote: We'd have to see the entire ruleset and a tcpdump of traffic that passes through to know what's wrong. - Giorgos Here are the rules as taken from pfctl -sr.

Re: pf block question

2005-06-09 Thread Matt Rechkemmer
On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote: If you add quick to the `block from badhosts' rule, packets from these hosts will immediately be dropped -- which is what you probably want to do, if I have understood what you wrote so far. - Giorgos OK, I've added quick

pf block question

2005-06-07 Thread Matt Rechkemmer
So, at the very top of my pf filter rules, I have these rules:

    block drop in quick on fxp0 inet proto icmp from 1.3.3.7 to any
    block drop in quick on fxp0 inet proto tcp from 1.3.3.7 to any

1.3.3.7 is a made up IP address ;-). Even with this rule present, pf allows traffic from the IP through.

Re: pf block question

2005-06-07 Thread Giorgos Keramidas
On 2005-06-06 23:43, Matt Rechkemmer [EMAIL PROTECTED] wrote: So, at the very top of my pf filter rules, I have these rules:

    block drop in quick on fxp0 inet proto icmp from 1.3.3.7 to any
    block drop in quick on fxp0 inet proto tcp from 1.3.3.7 to any

1.3.3.7 is a made up IP address ;-).

RE: pf block question

2005-06-07 Thread John Brooks
Are you sure the ruleset is loaded, and pf is enabled?
-- John Brooks [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Rechkemmer
Sent: Tuesday, June 07, 2005 1:43 AM
To: [EMAIL PROTECTED]
Subject: pf block question

So

Re: pf block question

2005-06-07 Thread Matt Rechkemmer
On Tue, Jun 07, 2005 at 07:12:43AM -0500, John Brooks wrote: Are you sure the ruleset is loaded, and pf is enabled? -- John Brooks [EMAIL PROTECTED]

Yes, pfctl -sr yields the rule right under scrub in all.
-- Matt Rechkemmer [EMAIL PROTECTED]