On Fri, Jun 10, 2005 at 09:33:50PM +0300, Giorgos Keramidas wrote:
>
> Existing icmp states?
>
> Did you reload the rules with:
>
> /etc/rc.d/pf reload
>
> or by directly running pfctl?

I tried flushing everything with pfctl -Fa, and then loading the rules with
pfctl -f /etc/pf.conf. Th

On 2005-06-09 13:48, Matt Rechkemmer <[EMAIL PROTECTED]> wrote:
> On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote:
> >
> > If you add "quick" to the `block from ' rule, packets from
> > these hosts will immediately be dropped -- which is what you probably
> > want to do, if I have

On Thu, Jun 09, 2005 at 01:51:16PM +0300, Giorgos Keramidas wrote:
>
> If you add "quick" to the `block from ' rule, packets from
> these hosts will immediately be dropped -- which is what you probably
> want to do, if I have understood what you wrote so far.
>
> - Giorgos

OK, I've added quick t

On 2005-06-09 03:18, Matt Rechkemmer <[EMAIL PROTECTED]> wrote:
> On Tue, Jun 07, 2005 at 01:50:30PM +0300, Giorgos Keramidas wrote:
> >
> > We'd have to see the entire ruleset and a tcpdump of traffic that passes
> > through to know what's wrong.
> >
> > - Giorgos
>
> Here are the rules as taken f

On Tue, Jun 07, 2005 at 01:50:30PM +0300, Giorgos Keramidas wrote:
>
> We'd have to see the entire ruleset and a tcpdump of traffic that passes
> through to know what's wrong.
>
> - Giorgos

Here are the rules as taken from pfctl -sr. I can also provide a copy of
pf.conf, if needed. The user's

On Tue, Jun 07, 2005 at 07:12:43AM -0500, John Brooks wrote:
> Are you sure the ruleset is loaded, and pf is enabled?
>
> --
> John Brooks
> [EMAIL PROTECTED]

Yes, pfctl -sr yields the rule right under "scrub in all."
--
Matt Rechkemmer
[EMAIL PROTECTED]

Are you sure the ruleset is loaded, and pf is enabled?
--
John Brooks
[EMAIL PROTECTED]

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Matt Rechkemmer
> Sent: Tuesday, June 07, 2005 1:43 AM
> To: [EMAIL PROTECTED]
> Subject:

On 2005-06-06 23:43, Matt Rechkemmer <[EMAIL PROTECTED]> wrote:
> So, at the very top of my pf "filter" rules, I have these rules:
>
> block drop in quick on fxp0 inet proto icmp from 1.3.3.7 to any
> block drop in quick on fxp0 inet proto tcp from 1.3.3.7 to any
>
> 1.3.3.7 is a made up IP address

So, at the very top of my pf "filter" rules, I have these rules:

block drop in quick on fxp0 inet proto icmp from 1.3.3.7 to any
block drop in quick on fxp0 inet proto tcp from 1.3.3.7 to any

1.3.3.7 is a made up IP address ;-). Even with this rule present, pf allows
traffic from the IP through.