Stumped with pf.conf

Hexren me at hexren.net
Tue Feb 22 16:29:36 GMT 2005


OW> * Kay Abendroth <kay.abendroth at raxion.net> [20050222 16:28]: wrote:
>> Odhiambo Washington wrote:
>> >I am a newbie to PF, running on FreeBSD 5.3-STABLE.
>> >I would like some critique of the following pf.conf, which I am using,
>> >but which appears to have a loophole! Some folks are accessing my port
>> >8080, which I am thinking I have only opened to 62.8.64.0/19.
>> [...]
>> 
>> 
>> How do you know some are accessing? The only thing you actually log is 
>> the traffic blocked by this rule:
>> 
>> block in log quick on $ext_if inet proto tcp from any to any flags S/SAFR

OW> Hi Kay,

OW> I have an application running on port 8080 of this box. That
OW> application logs the IPs of machines accessing it, and I can see a
OW> foreign IP accessing that service.

OW> What I meant to say is that "the filter is NOT working as expected by
OW> blocking access to disallowed hosts".

OW> If you'd like to test accessing the box on that port, go ahead and
OW> set your proxy settings to 62.8.64.13:8080 and try going to badboys.com


---------------------------------------------

Looking over it I can't see any obvious mistakes.
Have you enabled pf (e.g. done "pfctl -e")?
And can you provide the output of "pfctl -sr"?
A good way to narrow your problem down would be to log all rules that
pass and see which one lets outside connections in.

Hexren
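As an added illustration of the approach Hexren suggests (this is not part of the thread and not Odhiambo's actual ruleset, which is elided above): a constructed pf.conf fragment that restricts port 8080 to 62.8.64.0/19 and puts "log" on every pass rule so pflog records which rule admitted a packet. The interface name and the second service are assumptions.

```pf
# Constructed example fragment, not the original pf.conf from the thread.
ext_if = "fxp0"                  # assumed external interface
proxy_net = "62.8.64.0/19"       # the only network that should reach 8080

# pf evaluates rules with last-matching-rule semantics unless a rule
# carries "quick". A broad "pass in" placed later in the file would
# silently override an earlier restriction, which is the kind of
# loophole the thread is chasing; logging on every pass rule exposes it.

# Default: refuse and log anything aimed at 8080 from the outside.
block in log on $ext_if inet proto tcp from any to any port 8080

# Only the allowed network gets through; "quick" stops evaluation here
# so no later rule can widen access to this port.
pass in log quick on $ext_if inet proto tcp from $proxy_net to any \
    port 8080 flags S/SA keep state

# Any other pass rule (assumed example: ssh) is logged as well, so that
# pflog shows the exact rule number whenever a foreign host is admitted.
pass in log on $ext_if inet proto tcp from any to any port 22 \
    flags S/SA keep state
```

After loading with "pfctl -f /etc/pf.conf", "pfctl -vvsr" prints the numbered rules with match counters, and "tcpdump -n -e -ttt -i pflog0 port 8080" shows for each logged packet the rule number and action ("rule N/0(match): pass in on fxp0 ...") that let it in.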



More information about the freebsd-pf mailing list