Thank you for all the help. I've created a new ruleset which I hope
is ok.
# macros
int_if = "em0"
# tables
# options
set block-policy return
# scrub
scrub all
# filter rules
block log inet6 all
pass quick on lo0 inet6 all
pass in quick on gif0 inet6 proto icmp6 icmp6-type echoreq keep st
On Fri, Feb 24, 2006 at 12:15:44PM +0100, Stefan wrote:
> Hi,
>
> for several years I've used Linux on some machines while now I'm
> trying to switch to OpenBSD. With the Linux Firewall called iptables
> you can easely block all connections which try to establish a new
> connection. For exam
Stefan <[EMAIL PROTECTED]> writes:
> block in inet6 all
> pass in inet6 proto { tcp, udp } from any to any flags /S
'keep state' would certainly help.
I would suggest something along the lines of
block all
pass inet proto { tcp, udp } from $me to any port $portsiwant keep state
with useful def
On Feb 24, 2006, at 6:29 AM, Otto Moerbeek wrote:
On Fri, 24 Feb 2006, Stefan wrote:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Does someone know if this is also possible with the OpenBSD PF?
Read http://www.openbsd.org/faq/pf/filter.html#state, esp. the
flags sectio
On Fri, 24 Feb 2006, Stefan wrote:
> Hi,
>
> for several years I've used Linux on some machines while now I'm
> trying to switch to OpenBSD. With the Linux Firewall called iptables
> you can easely block all connections which try to establish a new
> connection. For example your default pol
5 matches
Mail list logo
