Description:
Discussion of OpenBSD Packet Filter.
|
|
|
"Brutes" rules with UDP?
|
| |
Hi all, I use the next rule: ...pass quick on $bridge inet proto tcp from any to $vlan10 port 22 keep state \ (max-src-conn 20, max-src-conn-rate 3/12, \ overload <ssh_brutes> flush global) with success. No problem, all works fine. I wonder if I can apply this type of rule to UDP connections (I try to... more »
|
|
pf is blocking too many connections?
|
| |
Hi, I have an OpenBSD pf firewall protecting a web server. I have noticed that some pages give me errors when browsing through my site (sometimes it works, sometimes not), then I looked at pf and saw that it is blocking a lot of connections. How do I know which connections it is blocking? ...Status: Enabled for 202 days 23:34:57 Debug: Urgent... more »
|
|
Filter on specific TTL value?
|
| |
Hi, Is it possible to filter on a specific TTL value? Long story short: there are rogue packets being generated somewhere in our network's core, and I can reliably identify them with a combination of IP TOS, TCP flags and TTL value. I'd like to filter them out with pf if at all possible. Cheers... more »
|
|
CBQ download limits failed...
|
| |
Hi all, I'm trying to implement a queue using PF in an OpenBSD box. The pf.conf looks like: ...ext_if1="fxp0" ext_gw1="217.126.43.2" ...ext_if2="bge1" ext_gw2="192.168.10.1" ...lesmes="192.168.0.121" alejandro="192.168.0.51" xevi="192.168.0.124" santi="192.168.0.49" dominis = "{" $lesmes $alejandro $xevi $santi "}"... more »
|
|
Trace packets through PF
|
| |
Hi all, Is there a general way to watch a packet's progress through PF and see when and where it's stopped? Something akin to "packet-tracer" on Cisco maybe? Thanks in advance! -elliott-
|
|
syntax error while using scrub with OpenBSD 4.6
|
| |
Hello all, I am fairly new to OpenBSD. I use it for a home router and firewall. Following the recommendations, I want to use the scrub keyword. But regardless of how I write it into the pf.conf and check it with pfctl, I get a syntax error message. I tried several syntaxes: scrub all scrub in all After using Google and other resources for hours I found a changeset... more »
|
|
Using PF on Multiple Gateways
|
| |
Hello, I wondered if anyone could assist me in writing a simple packet filter firewall on my OpenBSD v4.5. All I intend doing is to have two firewalling machines on a separate network : 192.168.1.1 ext_if = xl0 (dhcp) // Internet interface int_if=xl1 // Internal interface 192.168.2.20... more »
|
|
TCP Sequence numbers changing
|
| |
Hi, I have a suspicion that route-to is changing sequence numbers on TCP packets. My pf-based router is set up so that packets travelling between internal hosts and the internet get routed through a separate IPS box: imagine the IPS as basically a plugin to the router, and packets get temporarily diverted through it on their way out.... more »
|
|
Access to Outlook Web Access through OpenBSD
|
| |
I changed OWA to allow anybody in the Exchange folder on the 2003 server. Did not add any security, just wanted to make it work before I tightened it up. Updated the pf.conf to redirect to the internal Exchange 2003. Can't seem to get there. Works internally. OpenBSD 4.0 rdr pass on $ext_if proto tcp from any to any port 80 -> 192.168.254.99 port... more »
|
|
|