On Thu, 2005-12-01 at 02:40 +0100, J65nko BSD wrote:
> [snip]
> > In your original post, there was something about a short packet. I'm
> > guessing this might screw things up. You might try adding 'scrub in all'
> > before the filtering rules.
> >
> [snip]
>
> Be careful with scrub and NFS. From h
[snip]
> In your original post, there was something about a short packet. I'm
> guessing this might screw things up. You might try adding 'scrub in all'
> before the filtering rules.
>
[snip]
Be careful with scrub and NFS. From http://openbsd.bay13.net/faq/pf/scrub.html
"One reason not to scrub o
On Wed, Nov 30, 2005 at 05:42:30PM -0600, Aaron Martinez wrote:
> On Wednesday 30 November 2005 11:02, Roland Smith wrote:
> > On Tue, Nov 29, 2005 at 08:58:48PM -0600, Aaron P. Martinez wrote:
> > > I am running FreeBSD 6.0-release and setting up a very basic firewall
> > > using pf on my workstat
On Wednesday 30 November 2005 11:02, Roland Smith wrote:
> On Tue, Nov 29, 2005 at 08:58:48PM -0600, Aaron P. Martinez wrote:
> > I am running FreeBSD 6.0-release and setting up a very basic firewall
> > using pf on my workstation. The ruleset is as follows:
> >
> > block in log all
> > pass quick
Will Maier <[EMAIL PROTECTED]> writes:
> On Tue, Nov 29, 2005 at 09:56:59PM -0600, Aaron P. Martinez wrote:
> > > Aaron P. Martinez wrote:
> [...]
> > I realize I could just accept all udp packets from the NFS server or even
> > just ports 2049, but the underlying question is, why isn't my "keep s
On Wed, Nov 30, 2005 at 06:52:25AM -0600, Will Maier wrote:
> On Tue, Nov 29, 2005 at 09:56:59PM -0600, Aaron P. Martinez wrote:
> > > Aaron P. Martinez wrote:
> [...]
> > I realize I could just accept all udp packets from the NFS server or even
> > just ports 2049, but the underlying question is,
On Tue, Nov 29, 2005 at 09:56:59PM -0600, Aaron P. Martinez wrote:
> > Aaron P. Martinez wrote:
[...]
> I realize I could just accept all udp packets from the NFS server or even
> just ports 2049, but the underlying question is, why isn't my "keep state"
> rule handling this.
I don't use pf (or NF
> Aaron P. Martinez wrote:
> [ ... ]
>> Actually my network looks like this:
>>
>> INT---firewall--internal router/firewall-good lan
>> ||
>> ||-insecure lan (windoze
>> machines)
>> |
>> |DMZ
>>
Aaron P. Martinez wrote:
[ ... ]
> Actually my network looks like this:
>
> INT---firewall--internal router/firewall-good lan
> ||
> ||-insecure lan (windoze machines)
> |
> |DMZ
>
> the good l
> Aaron P. Martinez wrote:
>> I am running FreeBSD 6.0-release and setting up a very basic firewall
>> using pf on my workstation. The ruleset is as follows:
>>
>> block in log all
>> pass quick on lo0 all
>> #pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
>> pass out on fx
Aaron P. Martinez wrote:
> I am running FreeBSD 6.0-release and setting up a very basic firewall
> using pf on my workstation. The ruleset is as follows:
>
> block in log all
> pass quick on lo0 all
> #pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
> pass out on fxp0 proto
I am running FreeBSD 6.0-release and setting up a very basic firewall
using pf on my workstation. The ruleset is as follows:
block in log all
pass quick on lo0 all
#pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass out on fxp0 proto { tcp, udp, icmp } all keep state
I
12 matches