On Wed, Nov 16, 2005 at 10:21:47AM +0800, Lars Hansson wrote:
> > And if, for any reason whatsoever, pfctl fails to run? The system
> > remains wide open.
>
> Becasue that happens a lot
> Oh come on now, this is a fringe case if there ever was one.
The far more common case where exactly thi
I have something similar in the way dfd_keeper expands variables.
Basically it will expand a python variable to a macro if it contains
one value (that is, if the python variable is a string or singleton
list/tuple), and a list if it contains more than one (that is, if it
is a list/tuple of length
Hello,
I'm trying to redirected outside traffic to internal Exchange Server using
IMAPS protocol :
rdr on $ext_if proto tcp from any to any port 993 -> 192.168.1.1
pass in quick on $ext_if \
proto tcp \
from any to 192.168.1.15 port imaps flags S/SA synproxy state
Outlook clie
"Raphael GRUNDRICH" <[EMAIL PROTECTED]> writes:
> rdr on $ext_if proto tcp from any to any port 993 -> 192.168.1.1
> pass in quick on $ext_if \
> proto tcp \
> from any to 192.168.1.15 port imaps flags S/SA synproxy state
assuming the exchange server is somewhere in $int_if:netw
I have
pass in on $int_if all
pass out on $int_if all
for now
Errata :
pass in quick on $ext_if \
proto tcp \
from any to 192.168.1.1 port imaps flags S/SA synproxy state
-Message d'origine-
De : Peter N. M. Hansteen [mailto:[EMAIL PROTECTED]
Envoyé : mercredi 16 nove
The next step might be a tcpdump on the external interface
to watch the traffic and see that it's not doing something
suprising on some other port or something.
On 11/16/2005 10:20:01 AM, Raphael GRUNDRICH wrote:
Errata :
pass in quick on $ext_if \
proto tcp \
from any to 192.
On 16 Nov 2005 08:40:31 -0800, [EMAIL PROTECTED] (Peter N. M. Hansteen)
wrote:
>"Raphael GRUNDRICH" <[EMAIL PROTECTED]> writes:
>
>> rdr on $ext_if proto tcp from any to any port 993 -> 192.168.1.1
>> pass in quick on $ext_if \
>> proto tcp \
>> from any to 192.168.1.15 port imap
Travis H. wrote:
If you wish to take advantage of this, you can model your script after
static_example.py --- it is not necessary to use the whole twisted
run-time event loop if you just want a static config file.
For the code, see the URL in my sig and look for "Dynamic Firewall Daemon".
Uh w
On Tue, Nov 15, 2005 at 04:22:25PM +0100, Moritz Grimm wrote:
> Allowing lists to expand to no rules may or may not be easy, I don't
> know -- yacc and pfctl's parser is way above my head ... so I'm just
> dropping this idea here; maybe someone finds this useful as well and is
> willing to prov
> Re: pf filtering on loopback?
> Daniel Hartmeier <[EMAIL PROTECTED]> Thu, 15 Jul 2004 06:07:02 PDT
> Thank you for the feedback. There have been several objections to bypass
> filtering on loopback, so the status quo will remain. That is, use of
> synproxy requires use of state-policy i
On Thu, Nov 17, 2005 at 02:04:54AM +0100, Jonas Davidsson wrote:
> I found this in an old archive while I was in the midst of pulling my hair
> out trying to figure why synproxy refused to
> work for local services. This of course helped, (I put if-bound in the
> options for that individual rule
Hi everyone,
we have an OpenBSD 3.7 firewall doing NAT. Behind there is an asterisk
server that communicate with another VoIP server on the internet. When we
are over the phone, the communication is fine until data transfer happen,
it then starts to skip.
Using pf and altq I am able to reserved b
Hi I am writing a program to analyize the drop logs from our pf
firewall. I read the logs from pflog0 with tcpdump.
Currently I am only interested in outbound packets that are being
dropped so I filter on src net . But I get a steady
trickle of packets that are not from our network and which
On Wednesday 16 November 2005 07:30 pm, Daniel Hartmeier wrote:
> On Thu, Nov 17, 2005 at 02:04:54AM +0100, Jonas Davidsson wrote:
> > I found this in an old archive while I was in the midst of pulling
> > my hair out trying to figure why synproxy refused to work for local
> > services. This of cou
Daniel Hartmeier wrote:
> I guess it got lost. Since then, we added the 'set skip on lo' feature
> (which is part of the example pf.conf), which resolves this issue, and
> others.
>
> Instead of going into the gory details of how loopback filtering breaks
> synproxy in this case, I think it would
15 matches
Mail list logo
