Topic awaiting preservation: Using PF and having problems |
|
---|---|
Author | Thread |
Maniac (V) Mad Scientist From: Rochester, New York, USA |
posted 11-16-2004 04:41
I am trying to use pf to secure a FreeBSD box. code: ext_if = "exl0" # the external card
|
Maniac (V) Mad Scientist From: :morF |
posted 11-16-2004 08:02
Examine it closely... you're looking to allow it to download files? On HTTP and FTP? Then you need to allow outgoing access to (I think, I don't have my port reference sheets on me) ports 21 and 8080 and incoming on 21 and 80, but for your IP to allow full access. If this works the way I think it does as well, remember to enter your rules for what communication is allowed before you start denying it. If you deny first then nothing will work the way you expect it to. |
Maniac (V) Mad Scientist From: Rochester, New York, USA |
posted 11-16-2004 14:25
The way I understand it is that the last matching rule wins, but quick forces the matching to stop and selects the rule if it matches. code: ext_if = "exl0" # the external card
|
Nervous Wreck (II) Inmate From: |
posted 11-24-2004 02:06
I don't have a great deal of experience with PF, but using IPFW, if you want to be able to connect to external hosts and get packets back while not allowing other people to connect in, you need to use stateful rules. In IPFW this creates a dynamic rule table with IP and Port numbers. With non-stateful rules you either have to allow or deny; allowing out only allows out, so you will not even get the reply packets to your own request. code: add check-state
|
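
An added example, not code from the thread or from pf itself: a simplified Python model of the rule evaluation described in the 11-16-2004 14:25 post (last matching rule wins, `quick` stops evaluation) combined with the stateful filtering described in the last post. The `Rule`, `Packet` and `Firewall` names, the addresses and the port numbers are constructed for illustration, and matching is reduced to direction and destination port.

```python
from collections import namedtuple

# Simplified model: a rule matches on direction and destination port only.
Rule = namedtuple("Rule", "action direction port quick keep_state",
                  defaults=(None, False, False))   # port=None matches any port
Packet = namedtuple("Packet", "direction src sport dst dport")

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()   # connections recorded by keep_state rules

    def filter(self, p):
        # A packet that belongs to a recorded connection (either direction)
        # passes on the state table alone; the ruleset is not consulted.
        if {(p.src, p.sport, p.dst, p.dport),
            (p.dst, p.dport, p.src, p.sport)} & self.states:
            return "pass"
        verdict, matched = "pass", None   # no matching rule at all: pf passes
        for r in self.rules:
            if r.direction == p.direction and r.port in (None, p.dport):
                verdict, matched = r.action, r   # a later match overrides
                if r.quick:
                    break                        # quick: stop, this rule wins
        if matched and verdict == "pass" and matched.keep_state:
            self.states.add((p.src, p.sport, p.dst, p.dport))
        return verdict

# Constructed sample traffic (documentation address ranges).
HOST, WEB = "192.0.2.10", "198.51.100.7"
REQUEST = Packet("out", HOST, 40000, WEB, 80)
REPLY = Packet("in", WEB, 80, HOST, 40000)
PROBE = Packet("in", "203.0.113.5", 50000, HOST, 22)   # unsolicited inbound

def run(rules):
    fw = Firewall(rules)
    return [fw.filter(pkt) for pkt in (REQUEST, REPLY, PROBE)]

BLOCK_ALL = [Rule("block", "in"), Rule("block", "out")]
STATELESS = BLOCK_ALL + [Rule("pass", "out", 80)]
STATEFUL = BLOCK_ALL + [Rule("pass", "out", 80, keep_state=True)]
QUICK_BLOCK = [Rule("block", "in"), Rule("block", "out", quick=True),
               Rule("pass", "out", 80, keep_state=True)]

if __name__ == "__main__":
    for name in ("STATELESS", "STATEFUL", "QUICK_BLOCK"):
        print(name, run(globals()[name]))
```

Each result list gives the verdicts for the outbound request, its reply, and an unsolicited inbound connection, in that order.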