> List,
> How can I block nmap options using PF ??
> Thanks...
-
block in all
block out all
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any
, could someone maybe point
> out what I am doing wrong here ?
> Thanks a bunch!
> Nils.
-----
This assumes that the DNS server is on another machine than the
gateway itself. AFIK there is no way to route traffic that comes from
the gateway machine it
> On Thursday 11 August 2005 18:09, Hexren wrote:
>> We tried to run NAT on GRE sessions. That failed with more than 1 host
>> in the NATed network using GRE. ( GRE NAT is after all not really
>> supported as far as I can see,so no big surprise here)
>> The unfortunat
We tried to run NAT on GRE sessions. That failed with more than 1 host
in the NATed network using GRE. ( GRE NAT is after all not really
supported as far as I can see,so no big surprise here)
The unfortunate thing that I would call a bug is that the gateway did
not fail gracefuly (dropping the sess
>
$machine1_ip
(all in one line ofcourse :)
should do the trick, imho. Can you show the things that you've tried
that didn't do it ?
Kind regards
Hexren
___
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebs
ont know what kind of firewall you're using but maybe this is
helpfull to:
Have you thought about using something like "( tun0 )". To my
understanding this means "packets that come in through a IP address
associated with the interface tun0".
Hexren
is the very first rule after the nat/rdr rules" as obviously
"on $ext_if" in the pass rule. Is not true for a packet traversing
$int_if. Imho a rule alog the lines of "pass on $int_if from any to
$elayne port { $elayne_ftp_service } keep state" should fix the
problem. Try it I am not dead sure.
Regards
Hexren
___
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
n do :)
Have you read http://www.openbsd.org/faq/pf/pools.html
Then try only the rule
"pass in quick on $inside_int route to ( $ISP1_int $ISP1_router ) \
proto icmp from $ISP1_inside_net to any keep state"
try adding log options to the rules and start listening on pflog0 to
where your packet
