Re: Sample ruleset for dividing LANs

I have a ruleset that is partially working, but I've hit a wall trying to figure out why a few parts do not work. The wifi is intended to be a hot-spot here in the apt complex, but I'm having trouble restricting them to their assigned services and I am not 100% certain that they do not have

Re: www {80,443} ACK's - PF Flags

On 4/18/05, j knight [EMAIL PROTECTED] wrote: Where are the rules that pass the return traffic in on tun0? Or, from a different point of view, where are the rules that pass the connection out on tun0 and create state? pass in log quick on tun0 proto tcp from any port = www to any keep state

Re: Sample ruleset for dividing LANs

--- Steven Bowers [EMAIL PROTECTED] wrote: I have a ruleset that is partially working, but I've hit a wall trying to figure out why a few parts do not work. The wifi is intended to be a hot-spot here in the apt complex, but I'm having trouble restricting them to their assigned services

Re: www {80,443} ACK's - PF Flags

alex wilkinson wrote: pass in log quick on tun0 proto tcp from any port = www to any keep state pass in log quick on tun0 proto tcp from any port = https to any keep state Well, that seems proper. However, this is just a guessing game since you're not posting your entire ruleset :-/ Somewhere

pf, altq shaping question

Can please anyone tell me if this is posible or not : I have several users behind a firewall + nat and i have to accomplish 3 types of shaping per user : local country shape, internet shape, and upload shape Is this posible or not with altq. I know for sure that inbound and outbound can be done

OpenBSD pf howto (was Re: www {80,443} ACK's - PF Flags)

According to j knight ([EMAIL PROTECTED]): I have been following the following doc: [http://www.inebriated.demon.nl/pf-howto], and there are examples in there that filter for only SYN flags in a SYN+ACK mask. Which is bizarre bec if I do that it doesn't work. That howto is old. Three years

Question/suggestions about tftp

I'm trying to set up a tftp server to host the configs of some PIX boxes. The PIXes and the tftp server are separated by a pf box. And before anyone gets smart and says why not replace the PIXes with PF that's a non-starter. I'd love to, but it ain't going to happen. Anyway onto the the

Re: pf, altq shaping question

--- Nikolay Kalev [EMAIL PROTECTED] wrote: Can please anyone tell me if this is posible or not : I have several users behind a firewall + nat and i have to accomplish 3 types of shaping per user : local country shape, internet shape, and upload shape Is this posible or not with altq. I