Big problems with PF on FreeBSD 6.2

Erik Norgaard norgaard at locolomo.org
Sat Feb 10 15:15:15 UTC 2007


Tim T Bos wrote:
> Hi Guys,
> 
> I have a problem with PF.  Normally when I load pf.ko it uses deny all
> as default.
> But if I compile it in the kernel or load it as a module both it won't work.
> If I have only one rule "block all" or "block all on ext_if" I can still
> go on the internet and if I portscan my computer I get most ports closed
> and some by my isp filtered ports (137 139 and some other MS ports).
> 
> I tried a clean install of freebsd 6.2 with the latest  stable source
> ass well.

you mean "as well" :)

Do you use a GENERIC kernel? If you have a custom kernel or try to set 
special options for pf post those options. Also, post any boot options 
that toggle pf behaviour.

The default behaviour of pf is "pass all". I don't remember if there is 
a boot option or similar to change this.

But anyway, I think it is better to go with the default and set your 
desired default action explicitly as the first rule in your rule set. 
Try a GENERIC kernel and see if packets are blocked correctly by a 
"block log all" rule.

In any case, you should add "log" to your rules for debugging, so you 
can see if the ruleset is matched and where packets are blocked or passed.

Cheers, Erik

-- 
Ph: +34.666334818                      web: http://www.locolomo.org
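
An added illustration of the advice in the reply above (not part of the original thread): a minimal pf.conf that states the default action explicitly as the first filter rule and logs every rule for debugging. The interface name em0 and the allowed services are assumptions.

```conf
# Constructed example /etc/pf.conf. Interface and services are assumptions.
ext_if = "em0"                      # assumed external interface

# A packet that matches no rule is passed, so state the default first.
# pf applies the LAST matching rule, so the pass rules below override
# this block only for the traffic they match.
block log all

# Leave loopback traffic alone.
pass quick on lo0 all

# Outbound traffic from this host; keep state so replies are allowed back.
pass out log on $ext_if inet proto { tcp, udp } from any to any keep state
pass out log on $ext_if inet proto icmp from any to any keep state

# Inbound SSH only (assumed service).
pass in log on $ext_if inet proto tcp from any to any port 22 flags S/SA keep state

# Checks, run as root:
#   pfctl -nf /etc/pf.conf         parse the file without loading it
#   pfctl -f /etc/pf.conf          load the ruleset
#   pfctl -e                       enable pf (a loaded ruleset does nothing while pf is disabled)
#   pfctl -s info                  "Status: Enabled" confirms pf is filtering
#   pfctl -vs rules                per-rule evaluation and packet counters
#   tcpdump -n -e -ttt -i pflog0   logged packets with rule number and action
#                                  (needs the pflog device)
```

If the counters on the "block log all" rule stay at zero while traffic flows, the ruleset is not the one being evaluated or pf is not enabled.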