On Thu, 08 May 2008 01:04:54 +0300
Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
> Dear Community,
>
> I want to move some of our firewalls from Linux/iptables to FreeBSD/pf.
>
> After reading man pf.conf for a couple of minutes I couldn't find the
> realization of such iptables rule in pf:
>
Jille wrote:
>
>
>
> Ansar Mohammed wrote:
>> Ok, so adding the line as you suggested worked. Thanks Kevin.
>>
>> But why do I need to have both entries in for
>> pass in proto udp from any to any port 53
>> pass out proto udp from any to any port 53
>>
>> what makes UDP so special?
> UDP is s
On Wed, May 07, 2008 at 06:06:38PM -0400, Ansar Mohammed wrote:
> So I am using FreeBSD 7 and it doesn't work either way with "keep state"
> there or not. The only catch here is that everything is running on VMWare,
> although that should not matter. I have been using pf for about 2 years now.
> I
On Wednesday 07 May 2008 19:34:00 Ansar Mohammed wrote:
> I have a very simple configuration yet I am bemused as to what I am
> doing wrong.
>
>
> Windows 2003 <- FreeBSD-PF ->Windows 2003
> 192.168.3.2 192.168.3.1 192.168.2.2 192.168.2.130
> Here are my r
So I am using FreeBSD 7 and it doesn't work either way with "keep state"
there or not. The only catch here is that everything is running on VMWare,
although that should not matter. I have been using pf for about 2 years now.
I feel this may be a bit of a bug.
I even set the state-policy to floati
Dear Community,
I want to move some of our firewalls from Linux/iptables to FreeBSD/pf.
After reading man pf.conf for a couple of minutes I couldn't find the
realization of such iptables rule in pf:
iptables -t nat -A PREROUTING -i ethX -d ! my.smtp.server -p tcp --dport
25 -j DROP
iptables -t
On Wed, May 07, 2008 at 04:54:22PM -0400, Ansar Mohammed wrote:
> But I thought pf would be tracking state?
> Isn't that the whole point of stateful firewalls?
UDP is stateless, however pf still tracks the "state" in the sense that
it knows when there's an outbound or inbound initial packet for UD
Hello to you all,
Last week I've begun to have a problem with a HUAWEI E220 HSDPA modem
when connecting to a proftpd server. First thing I want to mention is that the
thing that I'll describe here only happens when I connect from that modem.
First of all the topology of the servers:
ISP[bridged
from pf faq --- http://www.openbsd.org/faq/pf/filter.html#pass
quote:
" One will sometimes hear it said that, "One can not create state with UDP
as UDP is a stateless protocol!" While it is true that a UDP communication
session does not have any concept of state (an explicit start and stop of
commu
You cannot track state of stateless protocols such as UDP.
> -Original Message-
> From: Ansar Mohammed [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 07, 2008 4:54 PM
> To: 'Jille'
> Cc: 'Kevin K'; freebsd-pf@freebsd.org
> Subject: RE: UDP weirdness
>
> But I thought pf would be track
But I thought pf would be tracking state?
Isn't that the whole point of stateful firewalls?
> -Original Message-
> From: Jille [mailto:[EMAIL PROTECTED]
> Sent: May 7, 2008 4:50 PM
> To: Ansar Mohammed
> Cc: 'Kevin K'; freebsd-pf@freebsd.org
> Subject: Re: UDP weirdness
>
>
>
> Ansar
Ansar Mohammed wrote:
Ok, so adding the line as you suggested worked.
Thanks Kevin.
But why do I need to have both entries in for
pass in proto udp from any to any port 53
pass out proto udp from any to any port 53
what makes UDP so special?
UDP is stateless,
With TCP you've got an con
Ok, so adding the line as you suggested worked.
Thanks Kevin.
But why do I need to have both entries in for
pass in proto udp from any to any port 53
pass out proto udp from any to any port 53
what makes UDP so special?
> -Original Message-
> From: Kevin K [mailto:[EMAIL PROTECTED]
>
Try pass out proto udp from any to any port 53
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:owner-freebsd-
> [EMAIL PROTECTED] On Behalf Of Ansar Mohammed
> Sent: Wednesday, May 07, 2008 1:34 PM
> To: freebsd-pf@freebsd.org
> Subject: UDP weirdness
>
> I have a very simple confi
I have a very simple configuration yet I am bemused as to what I am doing
wrong.
Windows 2003<- FreeBSD-PF ->Windows 2003
192.168.3.2 192.168.3.1 192.168.2.2 192.168.2.130
Here are my rules
ext_if="le0"
int_if="le1"
int_net="192.168.3.0/24"
ext_ne
Ansar Mohammed wrote:
Hello All,
Does pf have any higher level application inspection capability such as RPC
filtering based on UUID?
No, that is layer 7 style 'deep packet inspection' (tm) voodoo.
Greg