Here is a copy of my current pf.conf ruleset. I would like to log two
different things. I would like to log external connections to tcp port
22 (SSH), and I would like to log the tcp/udp packets that are blocked
coming from the internal network going outbound (the connections going
outbound that ar
e-NAT), and with "block return-rst" just so the
user gets an immediate deny instead of waiting for a time-out.
But, in the words of John Candy, "that's just me."
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phusion
Sent: Friday, 2004 3:12 PM
To: Kevin
Cc: Phusion; [EMAIL PROTECTED]
Subject: Re: AIM and packet filters (was Re: Logging Question)
On Fri, 2004-11-12 at 11:41:10 -0600, Kevin proclaimed...
> While a strong deep-protocol-inspection product like the IntruShield
> *might* detect the protocol anomaly, the only effective way for a
> stateful packet inspection device to block AIM is to refuse ALL
> traffic towards the IP addresses
You'd be better served attaching your entire pf.conf
Phusion spewed:
> I have a question about logging certain packets. On my internal
> network I allow the following traffic outbound: tcp
> 21,22,25,53,80,110,443,5999 and udp 53,67,123. I was wondering how I
> can log all the blocked outbound tra
Actually, I was just using AOL Instant Messenger as an example.
Another example is that I might want to block and log cvsup (tcp 5999)
traffic from going outbound. If I don't have it in my allowed
tcp_ports it should be blocked and not allowed out. I tried to cvsup
out and it works (allowed out) an
--- Phusion wrote:
> I'm having a problem because when I tried
> AOL Instant Messenger, it should have been blocked, logged and not
> been able to connect because it makes an outbound connection to tcp
> port 5190 which isn't allowed, but it still works.
Are you sure AOL IM is using 5190 when i
On Fri, 12 Nov 2004 10:31:13 -0600, Phusion <[EMAIL PROTECTED]> wrote:
> I'm having a problem because when I tried
> AOL Instant Messenger, it should have been blocked, logged and not
> been able to connect because it makes an outbound connection to tcp
> port 5190 which isn't allowed, but it stil
I have a question about logging certain packets. On my internal
network I allow the following traffic outbound: tcp
21,22,25,53,80,110,443,5999 and udp 53,67,123. I was wondering how I
can log all the blocked outbound traffic like to tcp and udp port
1214, 4662, and the rest. I'm having a problem b
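As an added illustration (not the pf.conf Phusion attached, nor Kevin's rules), here is a constructed ruleset that does the two things asked for in this thread: logs inbound SSH on the external interface, and blocks and logs any outbound LAN traffic not in the allowed tcp/udp port lists, using block return-rst (and return-icmp for UDP) so the client fails immediately. The interface names, the LAN prefix and the pre-OpenBSD-4.7 nat syntax are assumptions.

```pf
# Constructed example ruleset; interface names and LAN prefix are assumed.
ext_if  = "fxp0"
int_if  = "fxp1"
int_net = "192.168.1.0/24"
tcp_ports = "{ 21, 22, 25, 53, 80, 110, 443, 5999 }"
udp_ports = "{ 53, 67, 123 }"

# NAT for the LAN (OpenBSD 3.x syntax; 4.7+ uses "match out ... nat-to").
nat on $ext_if from $int_net to any -> ($ext_if)

# Default deny, unlogged.
block all

# Outbound LAN traffic is evaluated "in" on $int_if, before NAT, so the
# logged entries show the real internal source. return-rst / return-icmp
# give the client an immediate refusal instead of a timeout.
block return-rst  log on $int_if proto tcp from $int_net to any
block return-icmp log on $int_if proto udp from $int_net to any

# Log every external SSH connection to the firewall itself.
pass in log on $ext_if proto tcp from any to $ext_if port 22 keep state

# Allowed outbound LAN traffic (last matching rule wins, so these override
# the block rules above only for the listed ports). Everything else from
# $int_net, e.g. tcp 5190 or 1214/4662, hits the logged block rules.
pass in on $int_if proto tcp from $int_net to any port $tcp_ports keep state
pass in on $int_if proto udp from $int_net to any port $udp_ports keep state
pass out on $ext_if proto { tcp, udp } from any to any keep state
```

Logged packets go to pflog0; read them with tcpdump -n -e -ttt -i pflog0 to confirm both the SSH passes and the outbound blocks are recorded.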