Date: Wed, 24 Mar 2004 12:41:27 +0100 (CET)
Subject: Re: pf and passive FTP client
From: Kim Esben Jørgensen <none@kej--galnet.as.lh.bsd-dk.dk>
To: bsd-dk@bsd-dk.dk

Hi
Claus Guttesen said:
> Excerpt from /etc/pf.conf:
>
> int_if="fxp0" # internal network
> ext_if="xl0" # external network (www)
>
> scrub in all
>
> nat on $ext_if from $int_net to any -> ($ext_if)
>
> rdr on $int_if inet proto tcp from $int_net to any
> port ftp -> 127.0.0.1 port 8021
>
> block all
>
> antispoof for $int_if inet
> antispoof for $ext_if inet
>
> pass in log quick on $int_if inet proto tcp from
> $int_net to any port ftp flags S/SA keep state

Did you remember to allow traffic on lo0??
Something like:

pass quick on lo0 all

and then I usually add:

block quick from 127.0.0.0/8 to any
block quick from any to 127.0.0.0/8

Is pf not writing to pflog0 at all?

tcpdump -nevi pflog0

--
Best regards,
Kim Esben Jørgensen
5000 Odense C
Tel: 26872504
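
Added example, not part of the original mail and not pf's own code: a simplified Python model of pf filter evaluation (last match wins, `quick` ends evaluation) applied to the loopback rules suggested above. The placement of those rules after `block all`, the sample packets and the 192.168.1.20 client address are assumptions; the redirected packet is modelled with its post-`rdr` destination, because pf filters after translation.

```python
# Added example: simplified model of pf filter evaluation, not pf itself.
# The last matching rule decides, unless a matching rule carries "quick",
# which ends evaluation at once. With no matching rule the packet passes.
from ipaddress import ip_address, ip_network

LOOP = ip_network("127.0.0.0/8")

def rule(action, quick=False, iface=None, src=None, dst=None):
    return dict(action=action, quick=quick, iface=iface, src=src, dst=dst)

def matches(r, pkt):
    if r["iface"] and r["iface"] != pkt["iface"]:
        return False
    if r["src"] and ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["dst"] and ip_address(pkt["dst"]) not in r["dst"]:
        return False
    return True

def evaluate(rules, pkt):
    """Return (action, index of deciding rule) for one packet."""
    verdict = ("pass", None)
    for i, r in enumerate(rules):
        if matches(r, pkt):
            verdict = (r["action"], i)
            if r["quick"]:
                break
    return verdict

BLOCK_ALL = rule("block")                              # block all
PASS_LO0 = rule("pass", quick=True, iface="lo0")       # pass quick on lo0 all
BLOCK_FROM_LOOP = rule("block", quick=True, src=LOOP)  # block quick from 127.0.0.0/8 to any
BLOCK_TO_LOOP = rule("block", quick=True, dst=LOOP)    # block quick from any to 127.0.0.0/8

# Assumed placement: the loopback rules follow "block all" in this order.
SUGGESTED = [BLOCK_ALL, PASS_LO0, BLOCK_FROM_LOOP, BLOCK_TO_LOOP]
# Same rules with the lo0 pass moved last, to show why order matters.
REORDERED = [BLOCK_ALL, BLOCK_FROM_LOOP, BLOCK_TO_LOOP, PASS_LO0]

# Constructed sample packets (addresses are assumptions).
LOCAL = dict(iface="lo0", src="127.0.0.1", dst="127.0.0.1")
SPOOFED = dict(iface="xl0", src="127.0.0.1", dst="192.0.2.10")
# FTP connection from the LAN after rdr rewrote its destination to 127.0.0.1.
REDIRECTED = dict(iface="fxp0", src="192.168.1.20", dst="127.0.0.1")

if __name__ == "__main__":
    for name, pkt in [("local", LOCAL), ("spoofed", SPOOFED), ("redirected", REDIRECTED)]:
        print(name, evaluate(SUGGESTED, pkt), evaluate(REORDERED, pkt))
```

In this model the redirected FTP packet arriving on fxp0 is stopped by the `to 127.0.0.0/8` quick rule, so a pass rule for the proxy listener on 127.0.0.1 port 8021 has to be evaluated before it.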