On Mon, Sep 26, 2011 at 10:16 AM, Hassan Monfared <hmonfa...@gmail.com> wrote:
> thanks for clear answer !
> I'd already read.
> not bad idea to refer every question on the list to the manuals and books or man pages, huh ?

Because nearly 95% or more was already answered in them? ;-) This is not Linux.

>
> On Mon, Sep 26, 2011 at 11:35 AM, Gregory Edigarov <g...@bestnet.kharkov.ua> wrote:
>
>> Why can't you read how does stateful filtration works? You'd be much
>> better with the full explanation of TCP handshake process, and how does
>> a stateful firewall fits into picture.
>>
>> On Mon, 26 Sep 2011 11:26:54 +0330
>> Hassan Monfared <hmonfa...@gmail.com> wrote:
>>
>> > Hi again,
>> > all 6 webservers are behind FW ,
>> > doesn't "block in on $intif" rule blocks TCP handshaking ? I mean ACK
>> > message must be passed on $intif, mustn't ?
>> > Regards,
>> > Hassan H. Monfared
>> >
>> > On Mon, Sep 26, 2011 at 11:21 AM, Gregory Edigarov <g...@bestnet.kharkov.ua> wrote:
>> >
>> > > If your firewall is on the same machine as webserver - you can safely
>> > > use the ruleset i wrote.
>> > >
>> > > if not - you should have
>> > > block in on $intif
>> > >
>> > > On Mon, 26 Sep 2011 10:40:09 +0330
>> > > Hassan Monfared <hmonfa...@gmail.com> wrote:
>> > >
>> > > > thank you,
>> > > > is it right blocking connection initiation from inside using rule
>> > > > something like:
>> > > > block in on $if flags S/SA
>> > > > am I right ?
>> > > >
>> > > > Regards,
>> > > > Hassan H. Monfared
>> > > >
>> > > > On Mon, Sep 26, 2011 at 10:18 AM, Gregory Edigarov <g...@bestnet.kharkov.ua> wrote:
>> > > >
>> > > > > On Mon, 26 Sep 2011 09:48:20 +0330
>> > > > > Hassan Monfared <hmonfa...@gmail.com> wrote:
>> > > > >
>> > > > > > Hi,
>> > > > > > Any idea for denying connection initiation to outside from
>> > > > > > any web server protected by PF? ( wanna block Trojans and
>> > > > > > reverse connections while incoming http traffic is allowed) .
>> > > > >
>> > > > > block all
>> > > > > pass in on $if from any to ($if)
>> > > > >
>> > > > > will block it as you wish.
>> > > > >
>> > > > > --
>> > > > > With best regards,
>> > > > > Gregory Edigarov
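
The routed case discussed in this thread (web servers behind a separate PF firewall), written out as a pf.conf sketch. This is an added example, not a ruleset posted by anyone in the thread; the interface names, the table name and the addresses are assumptions chosen for illustration.

```pf
# Constructed example. em0/em1, <web> and the 192.0.2.x addresses are
# placeholders (assumptions), not values from the thread.
ext_if = "em0"                          # Internet-facing interface
int_if = "em1"                          # interface facing the web servers
table <web> { 192.0.2.10, 192.0.2.11 }  # documentation-range addresses

set skip on lo

# Default deny, both directions, every interface.
block all

# Log anything the web servers try to initiate. A server that only
# answers HTTP requests has no reason to open connections, so hits on
# this rule (visible on pflog0) are worth investigating.
block in log on $int_if

# Inbound HTTP. Only the initial SYN is evaluated against these rules;
# each one creates a state entry for the connection.
pass in  on $ext_if proto tcp from any to <web> port 80 flags S/SA keep state
pass out on $int_if proto tcp from any to <web> port 80 flags S/SA keep state

# There is deliberately no "pass in on $int_if" rule.
#
# Why the handshake still completes: the server's SYN+ACK and later ACK
# segments arrive on $int_if, but they match the state created by the
# "pass out on $int_if" rule. PF checks the state table before the
# ruleset, so those packets never reach "block in log on $int_if".
# A SYN originated by a web server matches no state, falls through to
# the ruleset, and is blocked and logged.
```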