Claudio Jeker wrote:
> On Mon, Oct 17, 2005 at 04:32:26PM -0400, stan wrote:
>> What ports do I need to open up on a pf firewall to allow it to
>> send/receive ospf?
>
> pass proto ospf

Hm, that's very short (but parsing the rule works).

Actually I'm building an OpenBSD/OpenBGPD/OSPF/PF [3.8 20051010 snap] as a replacement for a fbsd/zebra/ospf box. The pf setup is somewhat hairy with 3 peers, 1 subnet for hosting, 1 subnet for infrastructure, queueing, spamd (incoming only), carp (for the next obsd box with 3 more peers/redundancy) and what not.

I've made rules for 179/tcp but could I actually just do:
pass proto egp
?

Would still like it more specific than the above, but maybe not as specific as I've made it so far.

My old setup has 3yrs on its back and is a bit "bulky" (ipfw).
The transition from fbsd to obsd will be:
- switch cables
- power on
- check prefix/connections
- check rules/availability
- everybody's happy
which is why an initial set of effective rules for bgp and ospf is mandatory (every rule is mandatory, but I have plenty on my hands the first 10min besides lack of connection due to a too strict setup).

Thank you very much.

/per
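Added example, not part of the original message: a pf.conf fragment narrower than a bare `pass proto ospf`, limiting OSPF to one interface and subnet and BGP (the 179/tcp mentioned above) to a table of known peers. The interface names, addresses and table name are constructed placeholders, and the fragment assumes a default-deny rule earlier in the ruleset.

```pf
# --- constructed placeholders, adjust to the real topology ---
ext_if   = "em0"            # interface facing the BGP peers (assumed name)
ospf_if  = "em1"            # interface running OSPF (assumed name)
ospf_net = "192.0.2.0/24"   # subnet shared with OSPF neighbours (documentation range)

# BGP neighbours; const keeps pfctl from altering the table at runtime
table <bgp_peers> const { 198.51.100.1, 198.51.100.5, 203.0.113.9 }

# OSPF is IP protocol 89 and has no ports, so the rule is narrowed by
# interface and address instead. Hellos and LSAs go to the multicast
# groups 224.0.0.5 (AllSPFRouters) and 224.0.0.6 (AllDRouters);
# the rest of the exchange is unicast between neighbours.
pass in  quick on $ospf_if proto ospf \
        from $ospf_net to { $ospf_net, 224.0.0.5, 224.0.0.6 } keep state
pass out quick on $ospf_if proto ospf \
        from ($ospf_if) to { $ospf_net, 224.0.0.5, 224.0.0.6 } keep state

# BGP runs over TCP port 179 and either side may open the session,
# so both directions are allowed, but only to and from listed peers.
# State and flags options are written out rather than left to defaults.
pass in  quick on $ext_if proto tcp \
        from <bgp_peers> to ($ext_if) port 179 flags S/SA keep state
pass out quick on $ext_if proto tcp \
        from ($ext_if) to <bgp_peers> port 179 flags S/SA keep state
```

Running `pfctl -nf` against the file parses the ruleset without loading it, which allows a syntax check before the cable switch.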