pf headaches: why won' t it let me fetch from ftp servers?
Dino Vliet
dino_vliet at yahoo.com
Thu Jan 7 21:38:54 UTC 2010
Dear freebsd list,
I have the following pf.conf file:
tcp_services = "{ ftp, ssh, domain, www, auth, https }"
udp_services = "{ ftp, domain, ntp }"
icmp_types = "echoreq"
block all
pass inet proto icmp all icmp-type $icmp_types keep state
#pass in proto tcp to any port 22 keep state
pass out proto tcp to any port $tcp_services keep state
#pass out proto tcp to any port 25 keep state
#pass out proto tcp to any port 465 keep state
#pass out proto tcp to any port 587 keep state
pass out proto tcp to any port 5999 keep state
#pass out all keep state
#pass out proto tcp to any keep state
pass out proto udp to any port $udp_services
However,if I try to fetch a file from a ftp server as in the followining example:fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/bash/FAQ
I get the result: Operation not permitted
My first question is: What is causing this? If I stop pf, then I' m able to fetch it.
My second question is:Is my ruleset looking fine, as i want to block everything and only let some specific services go out. Or need t be tightened more?
BrgdsDino
More information about the freebsd-questions
mailing list