referer filtering

Laszlo Danielisz laszlo.danielisz at yahoo.com
Fri Sep 26 03:44:46 UTC 2014 

Thank you!

Isn't this just going to accept traffic on port 80 from A t0 B?
pass in log on $ext_if inet proto tcp from $A to $B port 80 keep state


I mean customers who would like to connect to $B won't be able.



On Thursday, September 25, 2014 9:45 PM, Javad Mustafayev <javad at smarty.az> wrote:
 


Hi, i can suggest config below

lets say this config will be on server B's pf.conf. and your network interface of B ip address 2.2.2.2 is bge0

then you can use the following config

#pf.conf
#macros

ext_if="bge0"
A="1.1.1.1"
B="2.2.2.2"

#global options
set block-policy return #or you can use drop
set skip on lo0
set loginterface $ext_if #optional

#all other configurations

#here you block all

block return in all #or you can use drop :)

#and here allow TCP connections on port 80 only from A(1.1.1.1) to B(2.2.2.2)

pass in log on $ext_if inet proto tcp from $A to $B port 80 keep state

that's all. its so simple configuration file. you can find more advanced and fancy configuration models on the web. but i suggest pf manual ;) 
good luck.
--

•••/
name:                       Javad Mustafayev
title:                    System Administrator
company:                            Smarty LLC
mobile:                 00994.51.927.11.99
mail:                           javad at smarty.az
web.mail:    j.mustafayev at gmail.com
 •••/
 

On Sep 25, 2014 11:24 PM, Laszlo Danielisz via freebsd-pf <freebsd-pf at freebsd.org> wrote:
>
> Hi, 
>
> I was wondering how is possible to accept a connection, lets say on port 80 only if it comes from a specified referer. 
> Let's say there is a link on server A (IP 1.1.1.1) pointing to server B (IP 2.2.2.2). And server B will only accept the connection if it was sent by A. 
>
> Any ideas? 
>
> Thx! 
> Laszlo 
> _______________________________________________ 
> freebsd-pf at freebsd.org mailing list 
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf 
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org" 
_______________________________________________
freebsd-pf at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"

More information about the freebsd-pf mailing list