Configuring PF

Pat Maddox pergesu at gmail.com
Tue Feb 15 04:55:52 GMT 2005


Is there any place I can find a good default ruleset for a server, and
just change what ports I want open?

Also, I've noticed that some rulesets will have different flags and
keep state on for certain TCP ports, but not others.  For example, at
https://www.section6.net/help/pf.php I found:
#WebServer, HTTPS, 8000
pass in on $extif proto tcp from any to any port 80 flags S/SA
pass in on $extif proto tcp from any to any port $tcp_services flags S/SA synproxy state

tcp_services is {22, 443}

I don't understand why they use synproxy state for 22 and 443, but not 80


On Mon, 14 Feb 2005 23:44:32 -0500, chip <chip.gwyn at gmail.com> wrote:
> > quickly see what's up.  When PF is disabled, I can nmap it in about 9
> > seconds.  When I turn it on, it takes over 3 minutes to do.  These
> > machines are on the same network, so the connection is obviously fast.
> 
> I believe this is because nmap is having to wait on the connections to
> time out.  If you tell PF to 'reject' instead of 'drop' it may go a
> bit faster.
> 
> --
> Just my $.02, your mileage may vary,  batteries not included, etc....
>
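The following is an added, self-contained pf.conf for a single-homed server, written to illustrate the two constructs the post asks about; it is not the section6.net ruleset, not FreeBSD's shipped defaults, and not from anyone on the thread. The interface name `fxp0`, the admin network `192.0.2.0/24` (a documentation range) and the port choices are assumptions. `flags S/SA keep state` passes only the opening SYN of a handshake and tracks the rest through the state table; `synproxy state` goes further and has pf complete the three-way handshake with the client itself before it opens a connection to the daemon, so a flood of spoofed SYNs is absorbed by pf rather than by sshd or httpd. The `block drop` versus `block return` lines reflect chip's point: `drop` discards silently, `return` sends a TCP RST or ICMP unreachable.

```pf
# Added example pf.conf, not from the original post or from section6.net.
# Interface, admin network and ports are assumptions for illustration.

ext_if    = "fxp0"             # assumed external interface
admin_net = "192.0.2.0/24"     # constructed example network for SSH access
web_ports = "{ 80, 443 }"

# Do not filter loopback; normalise fragments and odd TCP options on the way in.
pass quick on lo0 all
scrub in all

# Drop packets whose source address could not legitimately arrive on $ext_if.
antispoof for $ext_if

# Default deny inbound. "block drop" discards silently (the scanner waits for
# a timeout); "block return" answers with RST/ICMP unreachable instead.
# Pick one; the logged drop is the usual choice for a public interface.
block drop in log on $ext_if all
# block return in log on $ext_if all

# Let the server itself talk out, and let the replies back in via state.
pass out on $ext_if proto tcp all flags S/SA keep state
pass out on $ext_if proto { udp, icmp } all keep state

# HTTP and HTTPS: plain stateful rules. Only the initial SYN (SYN set, ACK
# clear, "S/SA") is evaluated against this rule; every later packet of the
# connection matches the state entry it created.
pass in on $ext_if proto tcp from any to any port $web_ports flags S/SA keep state

# SSH: pf completes the handshake on the daemon's behalf (synproxy) and the
# rule only admits the assumed admin network, so sshd never sees a half-open
# connection and is not reachable from arbitrary sources at all.
pass in on $ext_if proto tcp from $admin_net to any port 22 flags S/SA synproxy state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it (parse only), then `pfctl -f /etc/pf.conf` to load; `pfctl -sr` shows the loaded rules and `pfctl -ss` the state table, which is where you will see synproxied and stateful connections appear. Because both `keep state` and `synproxy state` rely on pf seeing every packet of the connection, the ruleset above assumes all traffic for the server enters and leaves through `$ext_if`.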

