Hi, I'm using pf as the default firewall and ipfw for ACK bandwidth control. The problem is that nothing browses with both enabled, only ping works. If I run pfctl -F all, the internet works normally. How do I fix this?
My use case is a desktop: a MacBook running OS X Lion. There is no ALTQ support. For ipfw I use http://intrarts.com/throttled.html. I learned pf in an hour :) I think I've learned it, I believe. But I'd like to know whether anything needs improving. See below.

set block-policy drop
set optimization normal
set ruleset-optimization basic
set timeout interval 10
set timeout frag 30
set skip on lo0
set debug none
set limit frags 4096
set state-policy floating
set require-order yes

if = "en1"

scrub in all                                  # normalize malformed packets
scrub all reassemble tcp
scrub out all no-df max-mss 1492 random-id

# Default policy: drop everything inbound, allow everything outbound.
# Replies to outbound connections are matched by state, not by these rules.
block in
pass out

# loopback is good ('set skip on lo0' above already exempts it; these are harmless)
pass in quick on lo0 all
pass out quick on lo0 all

# Anti-spoofing. 'quick' stops evaluation at the first matching rule, so these
# blocks have to come BEFORE the 'pass ... quick' rules further down. In the
# original order the quick passes for 443, 548, 5353 etc. matched first and
# packets to those ports never reached these rules.
antispoof quick for $if inet
block in quick from urpf-failed               # reverse-path (uRPF) check on all interfaces

# block nmap-style flag scans
block in quick proto tcp flags FUP/WEUAPRSF
block in quick proto tcp flags WEUAPRSF/WEUAPRSF
block in quick proto tcp flags SRAFU/WEUAPRSF
block in quick proto tcp flags /WEUAPRSF
block in quick proto tcp flags SR/SR
block in quick proto tcp flags SF/SF
block drop in quick on $if from any os { NMAP }

# icmp
#icmp_types = "echoreq"
#pass in inet proto icmp all icmp-type $icmp_types
# Redundant with 'block in' above: with no matching 'pass in' rule,
# echo requests from 192.168.1.5 are dropped as well.
block in on $if inet proto icmp from ! 192.168.1.5 to any icmp-type 8 code 0

# allow dns queries
pass out on $if proto udp from any to any port 53

# pass http traffic
pass out on $if proto tcp from $if to any port 80 flags S/SA

# pass ftp traffic
pass out on $if proto tcp from $if to any port { 21, 20 } flags S/SA

# Services opened in both directions (each 'pass in' exposes a local listener)
pass in quick inet proto { tcp, udp } from any to any port = 16000
pass out quick inet proto { tcp, udp } from any to any port = 16000
pass in quick inet proto { tcp, udp } from any to any port = 16003
pass out quick inet proto { tcp, udp } from any to any port = 16003
pass in quick inet proto { tcp, udp } from any to any port = 51413
pass out quick inet proto { tcp, udp } from any to any port = 51413
pass in quick inet proto { tcp, udp } from any to any port = 38772
pass out quick inet proto { tcp, udp } from any to any port = 38772
pass in quick inet proto udp from any to any port = 123
pass out quick inet proto udp from any to any port = 123
pass in quick inet proto udp from any to any port = 192
pass out quick inet proto udp from any to any port = 192
pass in quick inet proto tcp from any to any port = 443
pass out quick inet proto tcp from any to any port = 443
pass in quick inet proto tcp from any to any port = 548
pass out quick inet proto tcp from any to any port = 548
pass in quick inet proto udp from any to any port = 5353
pass out quick inet proto udp from any to any port = 5353

-----
Cabral Bandeira
-------------------------
Archive: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
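The ordering trap in the posted ruleset, as an added example that is not part of the original post or of pf itself: a small Python model of pf's evaluation order (the last matching rule wins, a matching 'quick' rule ends the walk), fed an excerpt of the rules in the posted order and the same rules with the quick uRPF block moved ahead of the quick passes. The parser, the Packet type and the spoofed TCP/443 packet are constructed for this illustration; real pf matching also considers interface, addresses, TCP flags, 'os' fingerprints and state, which the model deliberately ignores.

```python
"""Simplified model of how pf walks a ruleset: rules are checked in order,
the LAST matching rule decides, except that a matching 'quick' rule decides
immediately and stops the walk. Illustration written for this note, not pf's
parser: it understands pass/block, in/out, quick, proto, one numeric
destination port and 'from urpf-failed'; everything else is ignored."""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                       # 'pass' or 'block'
    direction: Optional[str]          # 'in', 'out' or None for both
    quick: bool
    protos: Optional[FrozenSet[str]]  # None means any protocol
    dport: Optional[int]              # None means any destination port
    urpf_failed: bool                 # rule only matches spoofed sources
    text: str


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    dport: int
    urpf_failed: bool = False         # source fails the reverse-path check


def parse_rule(line: str) -> Rule:
    """Parse one pf.conf filter rule (the subset described above)."""
    m = re.match(r'(pass|block)(?:\s+(?:drop|return))?(?:\s+(in|out))?\b', line)
    if not m:
        raise ValueError(f'unsupported rule: {line!r}')
    pm = re.search(r'\bproto\s+(\{[^}]*\}|\w+)', line)
    dm = re.search(r'\bport\s*=?\s*(\d+)\b', line)
    return Rule(
        action=m.group(1),
        direction=m.group(2),
        quick=re.search(r'\bquick\b', line) is not None,
        protos=frozenset(re.findall(r'\w+', pm.group(1))) if pm else None,
        dport=int(dm.group(1)) if dm else None,
        urpf_failed='urpf-failed' in line,
        text=line,
    )


def parse_ruleset(conf: str) -> List[Rule]:
    """Parse filter rules from pf.conf text, skipping blanks and comments."""
    rules = []
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()
        if line:
            rules.append(parse_rule(line))
    return rules


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction in (None, pkt.direction)
            and (rule.protos is None or pkt.proto in rule.protos)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (pkt.urpf_failed or not rule.urpf_failed))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """Return (verdict, deciding rule text). pf passes when nothing matches."""
    verdict, deciding = 'pass', None
    for rule in rules:
        if matches(rule, pkt):
            verdict, deciding = rule.action, rule.text
            if rule.quick:
                break                 # quick: the first match is final
    return verdict, deciding


def verdict_for(conf: str, pkt: Packet) -> str:
    return evaluate(parse_ruleset(conf), pkt)[0]


# Excerpt of the ruleset in the posted order: the quick pass for 443
# precedes the quick uRPF block, so the block never sees inbound 443.
POSTED = """
block in
pass out
pass in quick inet proto tcp from any to any port = 443
pass out quick inet proto tcp from any to any port = 443
block in quick from urpf-failed
"""

# Same rules with the quick block moved ahead of the quick passes.
REORDERED = """
block in
pass out
block in quick from urpf-failed
pass in quick inet proto tcp from any to any port = 443
pass out quick inet proto tcp from any to any port = 443
"""

# Constructed inbound TCP/443 packet whose source fails the reverse-path
# check, i.e. exactly what 'block in quick from urpf-failed' should stop.
SPOOFED_443 = Packet(direction='in', proto='tcp', dport=443, urpf_failed=True)

if __name__ == '__main__':
    for name, conf in (('posted', POSTED), ('reordered', REORDERED)):
        print(name, evaluate(parse_ruleset(conf), SPOOFED_443))
```

Running it prints 'pass' for the posted order and 'block' for the reordered one on the same spoofed packet. On the machine itself, `pfctl -n -f /etc/pf.conf` parses a ruleset without loading it, `pfctl -s rules` prints the loaded rules in evaluation order, and `pfctl -s states` shows the state table that outbound connections depend on.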