Most importantly: you shouldn't base network/firewall security on the
results of Gibson's utility. Meaning, if your goal is to make "Shields
Up!" return a non-failure result, then you're probably wasting your
time.
Thank you Jeremy :-)
I'm fairly new to PF and when I see things I do not und
On Thu, Aug 21, 2008 at 07:07:57AM +0200, Erik Danielsson wrote:
> Thanks guys.
>
> One question remains though. To count the total traffic from a certain IP
> range, should a separate PF rule with a label be used? If so, how can I
> reset only the label's statistics whenever I want to?
The manpag
Thanks guys.
One question remains though. To count the total traffic from a certain IP
range, should a separate PF rule with a label be used? If so, how can I
reset only the label's statistics whenever I want to?
On Wed, Aug 20, 2008 at 3:27 PM, Jille <[EMAIL PROTECTED]> wrote:
> Erik Danielsson
On Wednesday 20 August 2008 19:16:11 Leslie Jensen wrote:
> Jeremy Chadwick wrote:
> > On Wed, Aug 20, 2008 at 04:13:01PM +0200, Leslie Jensen wrote:
> >> I've done some testing with Steve Gibson's "Shields up"
> >> https://www.grc.com/x/ne.dll?bh0bkyd2
> >>
> >> These tests list the ports as close
On Wed, Aug 20, 2008 at 07:16:11PM +0200, Leslie Jensen wrote:
> Jeremy Chadwick wrote:
>> On Wed, Aug 20, 2008 at 04:13:01PM +0200, Leslie Jensen wrote:
>>> I've done some testing with Steve Gibson's "Shields up"
>>> https://www.grc.com/x/ne.dll?bh0bkyd2
>>>
>>> These tests list the ports as close
Leslie Jensen wrote:
I've defined a variable
proxyport = "{ 8080 }"
The rule
rdr on $int_if inet proto tcp from $internal_net to any /
port $proxy_services -> $proxy port $proxyport
gives me a "Syntax error in config file:"
I use the same variable in another rule and it does not produce
Leslie Jensen wrote:
When setting up PF I found the recommendation to use the following
rule to allow ICMP to pass.
# macros
icmp_types="echoreq"
# filter rules
pass in inet proto icmp all icmp-type $icmp_types keep state
I do not understand why this is necessary!
Will someone please ex
I've defined a variable
proxyport = "{ 8080 }"
The rule
rdr on $int_if inet proto tcp from $internal_net to any /
port $proxy_services -> $proxy port $proxyport
gives me a "Syntax error in config file:"
I use the same variable in another rule and it does not produce a
"Syntax error"
pass
When setting up PF I found the recommendation to use the following rule
to allow ICMP to pass.
# macros
icmp_types="echoreq"
# filter rules
pass in inet proto icmp all icmp-type $icmp_types keep state
I do not understand why this is necessary!
Will someone please explain to me why it's nece
Jeremy Chadwick wrote:
On Wed, Aug 20, 2008 at 04:13:01PM +0200, Leslie Jensen wrote:
I've done some testing with Steve Gibson's "Shields up"
https://www.grc.com/x/ne.dll?bh0bkyd2
These tests list the ports as closed but visible.
Instead the site suggests that one uses stealth so that the port
Leslie Jensen wrote:
Hello
I've done some testing with Steve Gibson's "Shields up"
https://www.grc.com/x/ne.dll?bh0bkyd2
These tests list the ports as closed but visible.
Instead the site suggests that one uses stealth so that the ports are
not visible from the Internet.
Is there a way to a
There is sysctl for it. Look for tcp.blackhole and udp.blackhole.
--
Glen Barber
(570)328-0318
___
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
On Wed, Aug 20, 2008 at 04:13:01PM +0200, Leslie Jensen wrote:
> I've done some testing with Steve Gibson's "Shields up"
> https://www.grc.com/x/ne.dll?bh0bkyd2
>
> These tests list the ports as closed but visible.
>
> Instead the site suggests that one uses stealth so that the ports are not
> vis
Hello
I've done some testing with Steve Gibson's "Shields up"
https://www.grc.com/x/ne.dll?bh0bkyd2
These tests list the ports as closed but visible.
Instead the site suggests that one uses stealth so that the ports are not
visible from the Internet.
Is there a way to achieve this with PF?
Erik Danielsson wrote:
Hello,
I'm using PF together with ALTQ, but my need of limiting bandwidth has
changed. I need to be able to limit the bandwidth from/to a certain IP
range, but only once a specific amount of data has been transferred from/to
that IP range. At midnight I want the counter to
Hello,
I'm using PF together with ALTQ, but my need of limiting bandwidth has
changed. I need to be able to limit the bandwidth from/to a certain IP
range, but only once a specific amount of data has been transferred from/to
that IP range. At midnight I want the counter to be reset, and everything
Hi.
For five years I've used ALTQ to shape the upload of my DSL connection
and it has worked very well. All details can be found further down in
this mail but the basic setup is a default CBQ queue with 10% of the
bandwidth and another queue for the remaining 90% with three child
queues where