* per engelbrecht <[EMAIL PROTECTED]> [2005-10-18 14:36]:
> Claudio Jeker wrote:
> >On Mon, Oct 17, 2005 at 04:32:26PM -0400, stan wrote:
> >
> >>What ports do I need to open up on a pf firewall to allow it to
> >>send/receive ospf?
> >>
> >
> >
> >pass proto ospf
>
> Hm, that's very short (but parsing the rule works).
>
> Actually I'm building an OpenBSD/OpenBGPD/OSPF/PF [3.8 20051010 snap] as
> a replacement for a fbsd/zebra/ospf box.
> The pf setup is somewhat hairy with 3 peers, 1 subnet for hosting, 1
> subnet for infrastructure, queueing, spamd (incoming only), carp (for
> the next obsd box with 3 more peers/redundancy) and what not.
>
> I've made rules for 179/tcp but could I actually just do:
> pass proto egp
> ?

bgp uses tcp, no special protocol.

pass in on dc2 inet proto tcp from $workix_lan to $workix_ip port 179 keep state
pass out on dc2 inet proto tcp to $workix_lan port 179 keep state

etc

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
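
Added example, not part of the thread: a toy Python model (not pf's rule engine) showing why `pass proto ospf` admits OSPF while `pass proto egp` does not admit BGP. The packets are constructed samples using documentation-range addresses; `matches`, `evaluate` and the rule dictionary are hypothetical names, and the protocol numbers are the ones listed in /etc/protocols.

```python
import socket
import struct

# IP protocol numbers as listed in /etc/protocols (IANA assignments).
PROTO = {"tcp": 6, "egp": 8, "ospf": 89}

def ipv4_packet(proto, src, dst, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def tcp_segment(sport, dport):
    """Build a minimal 20-byte TCP header with only SYN set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)

def matches(rule, packet):
    """Toy model of a 'pass proto X [port N]' match; not pf's real rule engine."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if packet[9] != PROTO[rule["proto"]]:  # byte 9 is the IP protocol field
        return False
    if "port" in rule:                     # destination port follows the IP header
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        return dport == rule["port"]
    return True

# Constructed sample packets: an OSPF packet to AllSPFRouters and a BGP TCP SYN.
OSPF_HELLO = ipv4_packet(PROTO["ospf"], "192.0.2.1", "224.0.0.5", b"\x02\x01")
BGP_SYN = ipv4_packet(PROTO["tcp"], "192.0.2.1", "192.0.2.2", tcp_segment(40000, 179))

RULES = {
    "pass proto ospf": {"proto": "ospf"},
    "pass proto egp": {"proto": "egp"},
    "pass proto tcp port 179": {"proto": "tcp", "port": 179},
}

def evaluate():
    """Return {rule text: (matches OSPF packet, matches BGP SYN)}."""
    return {text: (matches(r, OSPF_HELLO), matches(r, BGP_SYN))
            for text, r in RULES.items()}

if __name__ == "__main__":
    for text, (ospf, bgp) in evaluate().items():
        print(f"{text:26} ospf={ospf} bgp={bgp}")
```

OSPF rides directly on IP as protocol 89, so a protocol-only rule matches it; BGP is an ordinary TCP session to port 179, and `egp` names the unrelated IP protocol 8.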