pf, ping and traceroute
jlm at caamora.com.au
Tue Sep 11 04:38:32 PDT 2007
On Tue, Sep 11, 2007 at 02:07:45AM -0700, Kian Mohageri wrote:
> On 9/10/07, jonathan michaels <jon at caamora.com.au> wrote:
> > i get that it is part of teh functionality to stop outside stuff
> > garbage bad people from getting to teh inside but how do i make a
> > "hole" in teh 'firewall' for ping/traceroute without opening up teh
> > firewall to let the same (ping/traceroute/etc) stuff come in from teh
> > outside ????
> PF was developed by OpenBSD, so their documentation is mostly
> authoritative. Keep in mind the PF found in FreeBSD is slightly
> different -- it isn't as new, for the most part (much of that changed
> recently thanks to Max Laier).
> Anyway, have you read the OpenBSD documentation?
yes, kian, my basic problem is that english is not my first language
and i still have difficulty understanding the way that teh document is
> Focus on understanding how the directions work (e.g. pass in vs. pass
> out) and also 'keep state.' Understanding states is critical... have
> you figured out how those work yet?
i think that i have .. but, i have a way to go yet i think. learning
for me is a hard process of reading and reading and reading untill i
understand it and i can get it past teh damaged bits of my brain.
sorry, i don't have any other way of explaining what is going on.
> Are you filtering on a router? Switch? Server?
pentium 133 mhz that is running freebsd v6.2 and i am using the
included version pf. so i suppose that it is a server, yes ??
my internet connection is via a v.90 dialup modem that provides me a
permanent connected ppp style connection/account (been using some 10
ext_if=ppp0 = this is teh modem, on serial (comm0/cuad0 ) port 1
int_if=de0 = nic, accton en1203 21040 (a digital 10 mhz clone)
this is all that that there is, so i suppose its a simple router ??
i am thinking of using pf to defend all teh internal machines from
stuff that makes it through the firewall, is this possible (there seems
to be nothing, that i have been able to find/understand in teh doc or
via google) ??
this means that i am looking at using ipfw as a secondary firewall, or
just as a filter kind of thing to keep out the stuff that is making it
through the firewall.
powered by ..
QNX, OS9 and freeBSD -- http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====
More information about the freebsd-pf