Dear freebsd list,
I have the following pf.conf file:
tcp_services = "{ ftp, ssh, domain, www, auth, https }"
udp_services = "{ ftp, domain, ntp }"
icmp_types = "echoreq"
block all
pass inet proto icmp all icmp-type $icmp_types keep state
#pass in proto tcp to any port 22 keep state
pass out proto tcp to any port $tcp_services keep state
#pass out proto tcp to any port 25 keep state
#pass out proto tcp to any port 465 keep state
#pass out proto tcp to any port 587 keep state
pass out proto tcp to any port 5999 keep state
#pass out all keep state
#pass out proto tcp to any keep state
pass out proto udp to any port $udp_services
However, if I try to fetch a file from an FTP server as in the following
example: fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/bash/FAQ
I get the result: Operation not permitted
My first question is: What is causing this? If I stop pf, then I'm able to
fetch it.
My second question is: Is my ruleset looking fine, as I want to block everything
and only let some specific services go out? Or does it need to be tightened more?
Brgds,
Dino
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
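The following is an added illustration, not part of Dino's post and not pf itself. It is a small Python model of pf's "last matching rule wins" evaluation, loaded with the ruleset from the post (only direction, protocol and destination port are modelled; addresses, state tracking and "quick" are left out), and run over a constructed FTP session as the client behind this firewall sees it: the control connection to port 21, a passive-mode data connection to an ephemeral server port, and an active-mode data connection arriving from the server. The port numbers and the ephemeral ports are constructed values.

```python
# Added example (not from the mailing-list post): a toy model of pf rule
# evaluation, used to show which parts of an FTP transfer the posted
# ruleset lets through. Only direction, protocol and destination port are
# modelled; this is not a pf implementation.

TCP_SERVICES = {21, 22, 53, 80, 113, 443}   # ftp, ssh, domain, www, auth, https
UDP_SERVICES = {21, 53, 123}                # ftp, domain, ntp

# Rule tuple: (direction, proto, destination ports or None for "any", action),
# in the same order as the posted pf.conf (commented-out rules omitted).
RULES = [
    ("any", "any", None, "block"),           # block all
    ("any", "icmp", None, "pass"),           # pass inet proto icmp all icmp-type echoreq
    ("out", "tcp", TCP_SERVICES, "pass"),    # pass out proto tcp to any port $tcp_services
    ("out", "tcp", {5999}, "pass"),          # pass out proto tcp to any port 5999
    ("out", "udp", UDP_SERVICES, "pass"),    # pass out proto udp to any port $udp_services
]


def matches(rule, direction, proto, dport):
    """True if a packet with this direction/proto/destination port hits the rule."""
    r_dir, r_proto, r_ports, _ = rule
    if r_dir != "any" and r_dir != direction:
        return False
    if r_proto != "any" and r_proto != proto:
        return False
    if r_ports is not None and dport not in r_ports:
        return False
    return True


def decide(direction, proto, dport):
    """pf semantics for a ruleset without 'quick': the LAST matching rule wins.
    pf's implicit default when nothing matches is pass, which is exactly why
    the ruleset opens with 'block all'."""
    action = "pass"
    for rule in RULES:
        if matches(rule, direction, proto, dport):
            action = rule[3]
    return action


# Constructed FTP session from the client's point of view. Port 49152/49153
# stand in for whatever ephemeral ports the two ends pick at run time.
FTP_SESSION = [
    ("control channel  (client -> server:21)",          "out", "tcp", 21),
    ("passive data     (client -> server:ephemeral)",   "out", "tcp", 49152),
    ("active data      (server:20 -> client:ephemeral)", "in",  "tcp", 49153),
]


def ftp_verdicts():
    """Map each leg of the constructed FTP session to the ruleset's verdict."""
    return {name: decide(d, p, port) for name, d, p, port in FTP_SESSION}


if __name__ == "__main__":
    for name, verdict in ftp_verdicts().items():
        print(f"{name}: {verdict}")
    # Two extra probes: inbound ssh (its pass rule is commented out) and outbound ntp.
    print("inbound ssh:", decide("in", "tcp", 22))
    print("outbound ntp:", decide("out", "udp", 123))
```

Run as written, the control channel comes back "pass" while both data legs come back "block": the `$tcp_services` rule only covers destination port 21, and the data transfer in FTP happens on a separate connection (to an ephemeral server port in passive mode, which fetch uses by default, or inbound from the server in active mode), so it falls through to `block all`. That is the behaviour the "Operation not permitted" message reflects. The model also shows the remaining posture is what the post intends: nothing inbound is accepted except ICMP echo, and only the listed outbound ports pass. The usual pf remedy for FTP is the ftp-proxy(8) daemon with an anchor in the ruleset, so that the data connection is opened per session instead of by permanently passing a range of high ports.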