Hi!
I am struggling here with PF firewall and just can't connect to any samba share if PF is enabled:
set block-policy return
set loginterface rl0
scrub in all
block in log all
pass out all keep state
table <blacklist> persist file "/etc/blacklist"
pass inet proto icmp from any to any
antispoof for rl0
pass in on rl0 proto udp from any to (rl0) port 445 keep state
pass in on rl0 proto udp from any to (rl0) port 137 keep state
pass in on rl0 proto udp from any to (rl0) port 138 keep state
pass in on rl0 proto udp from any to (rl0) port 139 keep state
pass in on rl0 proto tcp from any to (rl0) port 22 keep state
pass in on rl0 proto tcp from any to (rl0) port 80 keep state
pass in on rl0 proto tcp from any to (rl0) port 445 keep state
pass in on rl0 proto tcp from any to (rl0) port 137 keep state
pass in on rl0 proto tcp from any to (rl0) port 138 keep state
pass in on rl0 proto tcp from any to (rl0) port 139 keep state
block on rl0 from <blacklist> to any
# tcpdump -n -e -ttt -i pflog0
278062 rule 0/0(match): block in on rl0: 192.168.2.100.137 > 192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribe freebsd.org"
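An added example, not part of the original post: a simplified Python matcher that replays the logged packet against the posted filter rules using pf's last-matching-rule-wins evaluation, to show which rule decides it. Assumptions: it handles only the rule forms in the post, ignores address matching for (rl0), and omits the antispoof and <blacklist> rules.

```python
import re

# Filter rules copied from the post, in order. Omitted (assumption): the
# antispoof line and the <blacklist> rule, whose expansion and table contents
# the post does not show. Rule 0 is the same either way.
RULES = (
    ["block in log all", "pass out all keep state",
     "pass inet proto icmp from any to any"]
    + [f"pass in on rl0 proto udp from any to (rl0) port {p} keep state"
       for p in (445, 137, 138, 139)]
    + [f"pass in on rl0 proto tcp from any to (rl0) port {p} keep state"
       for p in (22, 80, 445, 137, 138, 139)]
)

# The pflog line from the post, rejoined onto one line.
LOG = ("278062 rule 0/0(match): block in on rl0: 192.168.2.100.137 > "
       "192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; "
       "RESPONSE; UNICAST")

def parse_pflog(line):
    m = re.search(r"rule (\d+)/\d+\(match\): (\w+) (in|out) on (\w+): "
                  r"([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): (.*)", line)
    if m is None:
        raise ValueError("not a pflog line in the format shown in the post")
    rule, action, direction, ifname, src, sport, dst, dport, rest = m.groups()
    return {"rule": int(rule), "action": action, "dir": direction,
            "if": ifname, "src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "proto": "udp" if "UDP" in rest else "tcp"}

def rule_matches(rule, pkt):
    t = rule.split()
    def after(word):  # token following a keyword, or None if it is absent
        return t[t.index(word) + 1] if word in t else None
    if t[1] in ("in", "out") and t[1] != pkt["dir"]:
        return False
    # "port" follows "to" in these rules, so it is the destination port.
    return (after("on") in (None, pkt["if"])
            and after("proto") in (None, pkt["proto"])
            and after("port") in (None, str(pkt["dport"])))

def evaluate(pkt):
    hit = None  # no rule uses "quick", so the last matching rule decides
    for i, rule in enumerate(RULES):
        if rule_matches(rule, pkt):
            hit = (i, rule.split()[0])
    return hit

if __name__ == "__main__":
    pkt = parse_pflog(LOG)
    print(pkt["sport"], pkt["dport"], evaluate(pkt))
```

The logged packet has source port 137 and destination port 53259, so none of the port-specific pass rules apply and rule 0 (block in log all) is the last match, which agrees with "rule 0/0(match): block in" in the log.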