Sorry to bother again.
Still no luck with pf in combination with ftp-proxy.
A connection is made, but then it is blocked (getting no route to host):
Here is the output of gftp:
Looking up ftp.lontronics.nl
Trying ftp.lontronics.nl:21
Connected to ftp.lontronics.nl:21
220 Gene6 FTP Server v3.9.0
On 5/28/07, Woodchuck <[EMAIL PROTECTED]> wrote:
I wonder if this setup will allow you to do dhcp. Probably during
boot, (before it takes effect, when the rules in /etc/rc are active),
but afterwards, not.
Typically, dhclient(8) uses the bpf(4) devices and is not troubled by
PF's ruleset. If I
Thanks Joachim and Woodchuck for your replies.
To be RFC compliant I will add icmp.
I will also add logging to check the output, can indeed be very helpful.
I am not using ssh and dhcp, so I have blocked those ports
About 'block inet6'; I thought that 'block all' did that job?
I will also add
On Mon, May 28, 2007 at 11:27:46PM +0200, Lontronics Mailinglist account wrote:
> Okay, this should be it, any comments are appreciated.
> The >1023 is used for ftp;
That is not the proper solution; use ftp-proxy, as documented in the
FAQ.
> ###
On Mon, 28 May 2007, Lontronics Mailinglist account wrote:
> Okay, found some stuff on the internet; this is it at the moment:
>
> # $OpenBSD: PF firewall rules $
>
> # ports: see /etc/services
> # 21 = ftp
> # 22 = ssh
> # 25 = smtp
> # 53 = domain
> # 80 = www
> # 110 = pop3
> # 12
Okay, this should be it, any comments are appreciated.
The >1023 is used for ftp;
###
# $OpenBSD: PF firewall rules $
tcp_pass = "{ 21 22 25 53 80 110 123 >1023}"
udp_pass = "{ 53 110 }"
# scrub
scrub in all
# setup a default deny policy
Okay, found some stuff on the internet; this is it at the moment:
# $OpenBSD: PF firewall rules $
# ports: see /etc/services
# 21 = ftp
# 22 = ssh
# 25 = smtp
# 53 = domain
# 80 = www
# 110 = pop3
# 123 = ntp
# 631 = ipp (CUPS)
# 6667 = irc
tcp_pass = "{ 21 22 25 53 80 110 123 6667}