Stumped with pf.conf

Odhiambo Washington wash at wananchi.com
Tue Feb 22 14:12:57 GMT 2005


* Kay Abendroth <kay.abendroth at raxion.net> [20050222 16:28]: wrote:
> Odhiambo Washington wrote:
> >I am a newbie to PF, running on FreeBSD 5.3-STABLE.
> >I would like some critique of the following pf.conf, which I am using,
> >but which appears to have a loophole! Some folks are accessing my port
> >8080, which I am thinking I have only opened to 62.8.64.0/19.
> [...]
> 
> 
> How do you know some are accessing? The only thing you actually log is 
> the traffic blocked by this rule:
> 
> block in log quick on $ext_if inet proto tcp from any to any flags S/SAFR

Hi Kay,

I have an application running on port 8080 of this box. That
application logs the IPs of machines accessing it, and I can see a
foreign IP accessing that service.

What I meant to say is that "the filter is NOT working as expected by
blocking access to disallowed hosts".

If you'd like to test accessing the box on that port, go ahead and
set your proxy settings to 62.8.64.13:8080 and try going to badboys.com



-Wash

http://www.netmeister.org/news/learn2quote.html

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wash at wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+
"Do not meddle in the affairs of wizards, for you are crunchy and good
with ketchup."

