Re: Including files in pf.conf

2012-09-06 Thread Tonix (Antonio Nati)
On 06/09/2012 13:54, Thomas Steen Rasmussen wrote: On 06-09-2012 12:40, Damien Fleuriot wrote: Would this be of interest to anyone besides me ? Hello, Yes, I would be interested. Sounds very nice for large rulesets that can get a bit unmanageable in one file. If possible, please support

Re: Question on packet filter using in and out interfaces

2012-07-25 Thread Tonix (Antonio Nati)
Daniel, thanks for detailed explanations! Regards, Tonino Inter@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it

Re: Question on packet filter using in and out interfaces

2012-07-23 Thread Tonix (Antonio Nati)
Sorry, forgot a basic rule! On 23/07/2012 13:26, Tonix (Antonio Nati) wrote: On 23/07/2012 13:13, Daniel Hartmeier wrote: On Mon, Jul 23, 2012 at 12:53:41PM +0200, Tonix (Antonio Nati) wrote: So, does that mean the OUT phase evaluation always occurs when IN phase has been positive

Re: Question on packet filter using in and out interfaces

2012-07-23 Thread Tonix (Antonio Nati)
On 23/07/2012 13:13, Daniel Hartmeier wrote: On Mon, Jul 23, 2012 at 12:53:41PM +0200, Tonix (Antonio Nati) wrote: So, does that mean the OUT phase evaluation always occurs when IN phase has been positive (packet should pass)? Yes. You have to both allow a packet in on the first

Re: Question on packet filter using in and out interfaces

2012-07-23 Thread Tonix (Antonio Nati)
On 23/07/2012 11:55, Daniel Hartmeier wrote: On Mon, Jul 23, 2012 at 11:37:27AM +0200, Tonix (Antonio Nati) wrote: What is not clear to me is related to in/out rules evaluation. Diagram starts obviously from the packet entering the system, until the packet exits the system. When the

Re: Question on packet filter using in and out interfaces

2012-07-23 Thread Tonix (Antonio Nati)
On 21/07/2012 20:23, Daniel Hartmeier wrote: On Sat, Jul 21, 2012 at 05:22:07PM +0200, Tonix (Antonio Nati) wrote: If you can provide a link to this PF diagram it would be very useful. A copy is preserved on http://www.benzedrine.cx/pf_flow.png Yes, there are two phases. HTH, Daniel

Re: Question on packet filter using in and out interfaces

2012-07-21 Thread Tonix (Antonio Nati)
ar in mind the effect of the 'quick' keyword. Something I tend to always use. Regards Greg -Original Message----- From: Tonix (Antonio Nati) [mailto:to...@interazioni.it] Sent: Saturday, 21 July 2012 11:49 PM To: Greg Hennessy Cc: freebsd-pf@freebsd.org Subject: Re: Question on pack

Re: Question on packet filter using in and out interfaces

2012-07-21 Thread Tonix (Antonio Nati)
[mailto:owner-freebsd- p...@freebsd.org] On Behalf Of Tonix (Antonio Nati) Sent: Friday, 20 July 2012 1:25 AM To: freebsd-pf@freebsd.org Subject: Question on packet filter using in and out interfaces I have a basic question on usage of 'in' or 'out' interfaces, on practical usage. I

Re: Question on packet filter using in and out interfaces

2012-07-21 Thread Tonix (Antonio Nati)
On 19/07/2012 18:51, Hooman Fazaeli wrote: On 7/19/2012 7:54 PM, Tonix (Antonio Nati) wrote: Which is the real situation? Does Packet Filter really have any security advantage having only 'in' rules, or is there no difference on using out interface instead of in interface?

Question on packet filter using in and out interfaces

2012-07-19 Thread Tonix (Antonio Nati)
I have a basic question on usage of 'in' or 'out' interfaces, on practical usage. I'm having some talks in pfSense mailing list, and I'm saying there is no security difference about using rulesets on output interfaces or on input interfaces, as PF is evaluating all rules in the same phase.