Ingo Schwarze <[EMAIL PROTECTED]> writes:
> man tcpdump && tcpdump -tttner /var/log/pflog
hehe ... well put and thanks... nice.
man tcpdump && tcpdump -tttner /var/log/pflog
Harry Putnam wrote on Thu, Mar 09, 2006 at 12:39:02PM -0600:
> "Jim" <[EMAIL PROTECTED]> writes:
[...]
> You are getting good commentary already so I'm asking a lamer noob
> about how you got the output below. tcpdump?
[...]
>> Mar 07 20:30:43.516434
"Jim" <[EMAIL PROTECTED]> writes:
[...]
You are getting good commentary already so I'm asking a lamer noob q
about how you got the output below. tcpdump?
> Here is the tail of the pflog file while she is on
>
> Mar 07 20:30:43.516434 rule 14/0(match): pass out on dc0:
> 67.174.79.141.60805 > 6
Hey Jim,
Quoting Jim <[EMAIL PROTECTED]>:
> If I were her, and I saw these rules, I would just change my IP with
> ifconfig :D
>
> two problems here.
> 1. she is not smart enough
I hope you mean, "she is not knowledgeable enough".
Shane
-
If I were her, and I saw these rules, I would just change my IP with
ifconfig :D
two problems here.
1. she is not smart enough
2. dhcpd is configured to look at her mac address and always assign this ip.
cheers.
Jim
Thanks to all who helped solve this problem. It has been very educational
for me. I knew I could find the answer here... as always.
Jim
On Wed, Mar 08, 2006 at 10:29:53AM -0800, Bryan Irvine wrote:
> On 3/7/06, Jim <[EMAIL PROTECTED]> wrote:
> > When my kid gets grounded I block the gameroom computer from getting to the
> > internet. The script that runs is
> >
> > #!/bin/sh -
> > cp /home/jmays/pf.conf.noGameroom /etc/pf.conf
> >
On 3/7/06, Jim <[EMAIL PROTECTED]> wrote:
> When my kid gets grounded I block the gameroom computer from getting to the
> internet. The script that runs is
>
> #!/bin/sh -
> cp /home/jmays/pf.conf.noGameroom /etc/pf.conf
> pfctl -F rules -f /etc/pf.conf
> pfctl -F nat -f /etc/pf.conf
>
The script
On Tue, Mar 07, 2006 at 11:08:51PM -0500, Chris Zakelj wrote:
> Steven wrote:
> > * Jim <[EMAIL PROTECTED]> [060307 20:36]:
> >> The problem is that if the kid is already logged into AOL Instant
> >> messenger, the connection is not broken. So even though she is
> >> grounded, she can still chat a
Try flushing the state table too.
-Andy
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jim
Sent: 08 March 2006 03:00
To: misc@openbsd.org
Subject: Why packets are not blocked
When my kid gets grounded I block the gameroom computer from getting to the
pfctl -Fs flushes the state table. Bear in mind this will drop your
current ssh session to the firewall if that is how you access it.
pftop has a nice layout of the state table if you want to see which
rules/stats are allowing traffic.
Axton Grams
On 3/8/06, Stuart Henderson <[EMAIL PROTECTED]>
On 2006/03/07 23:08, Chris Zakelj wrote:
> Aye. You're flushing rules and NAT, but not your state table. Since
> the state is already established, rules aren't re-evaluated. Adding a
> state flush ought to get AOL wiped out. Just be mindful that if you
> have something going on (like an SSH ses
On Mar 7, 2006, at 11:20 PM, Jim wrote:
Has pfctl -k always been in pf or is this something that was new?
It appears to have been introduced in 3.1.
http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&apropos=0&sektion=8&manpath=OpenBSD+3.1&a
Has pfctl -k always been in pf or is this something that was new?
- Original Message -
From: "Ray Lai" <[EMAIL PROTECTED]>
To: "Jim" <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday, March 07, 2006 9:59 PM
Subject: Re: Fw: Why packets are not blocked
On Tue,
Steven wrote:
> * Jim <[EMAIL PROTECTED]> [060307 20:36]:
>> The problem is that if the kid is already logged into AOL Instant
>> messenger, the connection is not broken. So even though she is
>> grounded, she can still chat all day on AIM. Why isn't this pf.conf
>> file blocking everything on th
On Tue, Mar 07, 2006 at 09:48:14PM -0600, Jim wrote:
> >>don't forget to flush/kill states if you want existing connections to
> be torn down.
>
> How do I do that?
pfctl -k
-Ray-
don't forget to flush/kill states if you want existing connections to
be torn down.
How do I do that?
Jim
* Jim <[EMAIL PROTECTED]> [060307 20:36]:
The problem is that if the kid is already logged into AOL Instant
messenger, the connection is not broken. So even though she is grounded,
she can still chat all day on AIM. Why isn't this pf.conf file blocking
everything on that computer?
I'm not
When my kid gets grounded I block the gameroom computer from getting to the
internet. The script that runs is
#!/bin/sh -
cp /home/jmays/pf.conf.noGameroom /etc/pf.conf
pfctl -F rules -f /etc/pf.conf
pfctl -F nat -f /etc/pf.conf
The file that becomes the pf.conf file is
# pf.conf.noGameroom f