problems connecting samba shares

Andrei Kolu antik at bsd.ee
Thu Nov 16 21:01:03 UTC 2006


On Thursday 16 November 2006 20:55, Andrei Kolu wrote:
> On Thursday 16 November 2006 20:33, Lawrence Farr wrote:
> > > /etc/pf.conf:
> > > pass in on rl0 proto udp from any to (rl0) port 137 keep state
> > >
> > > # tcpdump -n -e -ttt -i pflog0:
> > > rule 0/0(match): block in on rl0: 192.168.2.100.137 >
> > > 192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE;
> > > RESPONSE; UNICAST
> >
> > Because that came FROM port 137 not TO port 137.
>
> Oops, I thought it wants to connect back to my port 137 - silly me. Then I
> have to open all ports that are higher than 1024?
>
> Is this line correct?
>
> pass in proto {tcp,udp} from any to any port 1024:65535 keep state

OK, I'll answer this question myself.

# Ports from 49152 to 65535 are known as Dynamic or Private Ports. 
# Ports between 1024 and 29151 are known as the Registered Ports. 
# Basically, programs are supposed to register their use of these 
# ports and thereby try to be careful and avoid stomping on each other. 

Sorry, not ports from 1024 and up but starting from 49152 and up.

set skip on lo0
set block-policy return
set loginterface rl0
scrub in all
block in log
antispoof quick for lo0 inet
block in from no-route to any
pass out keep state
table <blacklist> persist file "/etc/blacklist"
pass inet proto icmp from any to any
pass in proto {tcp,udp} from any to any port 49152:65535 keep state
pass in quick on rl0 proto udp from any to (rl0) port 137 keep state
pass in quick on rl0 proto udp from any to (rl0) port 138 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 22 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 445 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 137 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 139 keep state
block on rl0 from <blacklist> to any
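As an added example, not part of the original message or of the pf project: a small POSIX sh/awk helper that reads tcpdump output from pflog0 (the format quoted earlier in this thread) and reports, for each blocked packet, whether it looks like a reply to a query this host sent (source port is a service port below 1024, destination port is ephemeral) or a new inbound request. The point it illustrates is the one made above: a blocked NBT packet "from port 137" is return traffic, so opening port 137 inbound does not help, and the thing to check is whether the outbound query created state (pass out keep state). The sample log lines below are constructed; only the first mirrors the line quoted in the thread.

```shell
#!/bin/sh
# Constructed sample of "tcpdump -n -e -ttt -i pflog0" output. The first line
# mirrors the one quoted in the thread; the rest are made-up illustrations.
SAMPLE_PFLOG='rule 0/0(match): block in on rl0: 192.168.2.100.137 > 192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
rule 0/0(match): block in on rl0: 192.168.2.100.52013 > 192.168.2.101.445: Flags [S], seq 1, win 65535, length 0
rule 0/0(match): block in on rl0: 192.168.2.100.139 > 192.168.2.101.60211: Flags [S.], seq 1, ack 2, win 65535, length 0
rule 0/0(match): block in on rl0: 10.0.0.5.40000 > 192.168.2.101.22: Flags [S], seq 1, win 65535, length 0'

# classify_pflog reads pflog lines on stdin and prints one line per packet:
#   <src-port> <dst-port> <verdict>
# verdict is "reply" when the source port is a service port (< 1024) and the
# destination port is ephemeral (>= 1024): the packet is an answer to a query
# this host sent, so a "pass in ... port <dst>" rule is the wrong fix and the
# question is why the outbound stateful rule did not match. Anything else is
# reported as "request" (a fresh inbound connection attempt).
classify_pflog() {
    awk '
    {
        # Locate "A.B.C.D.sport > E.F.G.H.dport" and peel the ports off the end.
        if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ > [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            pair = substr($0, RSTART, RLENGTH)
            split(pair, ends, " > ")
            n = split(ends[1], s, "."); sport = s[n] + 0
            n = split(ends[2], d, "."); dport = d[n] + 0
            verdict = (sport < 1024 && dport >= 1024) ? "reply" : "request"
            print sport, dport, verdict
        }
    }'
}

# Usage: feed real output with  tcpdump -n -e -ttt -i pflog0 | classify_pflog
printf '%s\n' "$SAMPLE_PFLOG" | classify_pflog
```

For the sample above the first and third lines are reported as replies (ports 137 and 139 are the source), while the second and fourth are inbound requests to 445 and 22 and are what the explicit pass-in rules in the ruleset are meant to cover.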

