Description:
Discussion of OpenBSD Packet Filter.
|
|
syntax error while using scrub with OpenBSD 4.6
|
| |
Hello all, I am fairly new to OpenBSD. I use it for a home router and firewall. Following the recommendations, I want to use the scrub keyword. But regardless of how I write it into the pf.conf and check it with pfctl I get a syntax error message. I tried several syntaxes: scrub all scrub in all After using Google and other resources for hours I found a changeset...
|
|
Using PF on Multiple Gateways
|
| |
Hello, I wondered if anyone could assist me in writing a simple packet filter firewall on my OpenBSD v4.5. All I intend doing is to have two firewalling machines on a separate network: 192.168.1.1 ext_if = xl0 (dhcp) // Internet interface int_if=xl1 // Internal interface 192.168.2.20...
|
|
TCP Sequence numbers changing
|
| |
Hi, I have a suspicion that route-to is changing sequence numbers on TCP packets. My pf-based router is set up so that packets travelling between internal hosts and the internet get routed through a separate IPS box: imagine the IPS as basically a plugin to the router, and packets get temporarily diverted through it on their way out....
|
|
access to outlook web access through OpenBSD
|
| |
I changed OWA to allow anybody in the Exchange folder on the 2003 server. Did not add any security, just wanted to make it work before I tightened it up. Updated the pf.conf to redirect to the internal Exchange 2003. Can't seem to get there. Works internally. OpenBSD 4.0 rdr pass on $ext_if proto tcp from any to any port 80 -> 192.168.254.99 port...
|
|
Binat and if macro issue
|
| |
Hi, I may be missing something obvious, but I've a problem with macros for interfaces and binat. OpenBSD 4.4 stable ------------<snip>--------- net_main_if = "vr1" net_stndby_if = "vr2" net_if = "{" $net_main_if $net_stndby_if "}" binat on $net_if inet from $static_intwks_block1 \ to any -> $static_pubwks_block1...
|
|
pf configuration subtleties
|
| |
I recently spent a couple of days reading various pf documentation, including the man pages, the faq, and some guides (including Peter Hansteen's), and fiddling with my firewall configuration, and there are a few subtleties that I haven't found addressed anywhere. 1) The big one is what I would call the 'double state problem'. It...
|
|
pf behaviour with tcp ports 439 and
|
| |
Is there any reason why pf might behave in a special way for tcp ports 439 & 445? I just happened to notice that with a minimal pf.conf: ...ext_if="pppoe0" int_if="ep2" ...nat on $ext_if from !($ext_if) -> ($ext_if:0) ...block in log pass out log pass in log quick on $int_if No matter how hard I look I NEVER see a blocked or passed packet in the...
|
|
Initial TCP SYN packet dropped
|
| |
Hi, I'm using OpenBSD 4.4 as a firewall running pf. When running a program (darcs) to sync to a revision control repository there are repeated http requests made. I find that after an indeterminate number, typically 50 to 250 such requests, the program aborts with connection refused. I did a tcpdump of both the inside (sis0)...
|
|
'Bad State' error analysis
|
| |
We have a web server behind NAT; the router runs OpenBSD (version unimportant for this question), and remote http client connections stall irrecoverably with bad state errors from 'pf'. I have posted a very detailed report of this issue months ago, with links to debugging logs, rulesets and packet dumps and I have received no...