CZUCZY Gergely wrote:
On Thu, 08 May 2008 01:04:54 +0300
Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
Dear Community,
I want to move some of our firewalls from Linux/iptables to FreeBSD/pf.
After reading man pf.conf for a couple of minutes I couldn't find the
realization of such iptables rul
On Thu, 08 May 2008 11:05:45 +0300
Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
> CZUCZY Gergely wrote:
> > On Thu, 08 May 2008 01:04:54 +0300
> > Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
> >
> >> Dear Community,
> >>
> >> I want to move some of our firewalls from Linux/iptables to FreeBSD/
CZUCZY Gergely schreef:
On Thu, 08 May 2008 11:05:45 +0300
Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
CZUCZY Gergely wrote:
On Thu, 08 May 2008 01:04:54 +0300
Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
Dear Community,
I want to move some of our firewalls from Linux/ipta
On Thu, May 08, 2008 at 10:16:12AM +0200, Jille wrote:
> iptables -t nat -A PREROUTING -i ethX -p tcp --dport 2525 -j DNAT
> --to-destination :25
>
rdr on $interface proto tcp from any to port 2525 ->
port 25
>>> I meant _any_ destination with 25 port.
>>
CZUCZY Gergely wrote:
On Thu, 08 May 2008 11:05:45 +0300
Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
CZUCZY Gergely wrote:
On Thu, 08 May 2008 01:04:54 +0300
Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
Dear Community,
I want to move some of our firewalls from Linux/iptables to FreeBSD/p
On Thu, 08 May 2008 11:36:26 +0300
Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
> >> That iptables rule worked for any destination.
> > You cannot rewrite a packet's destination address to _any_ destination.
> >
> > It's like you cannot submit a package at the post office with the
> > destinat
On Thu, 2008-05-08 at 01:04 +0300, Oleksandr Samoylyk wrote:
> Dear Community,
>
> I want to move some of our firewalls from Linux/iptables to FreeBSD/pf.
>
> After reading man pf.conf for a couple of minutes I couldn't find the
> realization of such iptables rule in pf:
>
> iptables -t nat -A P
On Thu, 2008-05-08 at 11:36 +0300, Oleksandr Samoylyk wrote:
> CZUCZY Gergely wrote:
> > On Thu, 08 May 2008 11:05:45 +0300
> > Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
> >
> >> CZUCZY Gergely wrote:
> >>> On Thu, 08 May 2008 01:04:54 +0300
> >>> Oleksandr Samoylyk <[EMAIL PROTECTED]> wrote:
Elliott Perrin <[EMAIL PROTECTED]> 2008-05-08:
> On Thu, 2008-05-08 at 11:36 +0300, Oleksandr Samoylyk wrote:
> > CZUCZY Gergely wrote:
> > > On Thu, 08 May 2008 11:05:45 +0300 Oleksandr Samoylyk
> > > <[EMAIL PROTECTED]> wrote:
> > >> CZUCZY Gergely wrote:
> > >>> On Thu, 08 May 2008 01:04:54 +030
CZUCZY Gergely <[EMAIL PROTECTED]> 2008-05-08:
> On Thu, 08 May 2008 11:36:26 +0300 Oleksandr Samoylyk
> <[EMAIL PROTECTED]> wrote:
> > >> That iptables rule worked for any destination.
> > > You cannot rewrite a packet's destination address to _any_
> > > destination.
> > >
> > > It's like you
Hello.
For example:
pf.conf
ext_if="xl0"
ip_world="nn.nn.nn.nn"
# Filter rules
block log all
anchor in on $ext_if {
pass quick proto tcp to $ip_world port 22 keep state
# SSH
pass quick proto tcp to $ip_world port 25 keep state
# SMTP
This one is for RELENG_7[_0] but should apply ok to CURRENT too.
http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/tools/patches/RELENG_7_0/ipsec_altq.diff?rev=1.2;content-type=text%2Fplain
For RELENG_6 check the freebsd-ipfw@ list i sent one there in reply to a thread.
Ermal
___
On Thu, May 8, 2008 at 1:58 PM, Daniel Roethlisberger <[EMAIL PROTECTED]> wrote:
> CZUCZY Gergely <[EMAIL PROTECTED]> 2008-05-08:
>> On Thu, 08 May 2008 11:36:26 +0300 Oleksandr Samoylyk
>> <[EMAIL PROTECTED]> wrote:
>> > >> That iptables rule worked for any destination.
>> > > You cannot rewrite a
On Thu, 2008-05-08 at 13:35 +0200, Daniel Roethlisberger wrote:
> Elliott Perrin <[EMAIL PROTECTED]> 2008-05-08:
> > On Thu, 2008-05-08 at 11:36 +0300, Oleksandr Samoylyk wrote:
> > > CZUCZY Gergely wrote:
> > > > On Thu, 08 May 2008 11:05:45 +0300 Oleksandr Samoylyk
> > > > <[EMAIL PROTECTED]> wro
14 matches
Mail list logo
