On Thursday 16 November 2006 20:55, Andrei Kolu wrote:
> On Thursday 16 November 2006 20:33, Lawrence Farr wrote:
> > > /etc/pf.conf:
> > > pass in on rl0 proto udp from any to (rl0) port 137 keep state
> > >
> > > # tcpdump -n -e -ttt -i pflog0:
> > > rule 0/0(match): block in on rl0: 192.168.2.100.137 > 192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
> >
> > Because that came FROM port 137 not TO port 137.
>
> Oops, I thought it wants to connect back to my port 137 - silly me. Then I
> have to open all ports that are higher than 1024?
>
> This line is correct?
>
> pass in proto {tcp,udp} from any to any port 1024:65535 keep state
OK, I'll answer this question myself.
# Ports from 49152 to 65535 are known as Dynamic or Private Ports.
# Ports between 1024 and 29151 are known as the Registered Ports.
# Basically, programs are supposed to register their use of these
# ports and thereby try to be careful and avoid stomping on each other.
Sorry, not ports from 1024 and up but starting from 49152 and up.
set skip on lo0
set block-policy return
set loginterface rl0
# the table has to be declared before any rule refers to it
table <blacklist> persist file "/etc/blacklist"
scrub in all
# default deny inbound, logged to pflog0
block in log
antispoof quick for lo0 inet
block in from no-route to any
# blacklisted hosts must be dropped before the "quick" pass rules below;
# otherwise those rules match first and the block is never evaluated
block quick on rl0 from <blacklist> to any
pass out keep state
pass inet proto icmp from any to any
# dynamic/private port range
pass in proto {tcp,udp} from any to any port 49152:65535 keep state
pass in quick on rl0 proto udp from any to (rl0) port 137 keep state
pass in quick on rl0 proto udp from any to (rl0) port 138 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 22 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 445 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 137 keep state
pass in quick on rl0 proto tcp from any to (rl0) port 139 keep state
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
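To make the point in the thread concrete (the blocked packet came FROM port 137, not TO it, so a rule on destination port 137 never matched), here is a small Python model of pf's last-match-wins evaluation with "quick", run over the pflog line quoted above. This is an added example, not code from the thread or from pf; the rule list is a constructed subset of the posted pf.conf.

```python
import re
from dataclasses import dataclass
from typing import Optional

# The pflog line quoted in the thread (tcpdump -n -e -ttt -i pflog0), joined onto one line.
PFLOG_LINE = ("rule 0/0(match): block in on rl0: 192.168.2.100.137 > "
              "192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST")

PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(\w+\): (?P<action>block|pass) (?P<direction>in|out) on "
    r"(?P<ifname>\w+): (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):")

def parse_pflog(line: str) -> dict:
    """Split one pflog line into fields; the protocol is read from tcpdump's payload text."""
    m = PFLOG_RE.search(line)
    if not m:
        raise ValueError("not a pflog line: %r" % line)
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    pkt["proto"] = "udp" if "UDP" in line else "tcp"  # simplification: NBT lines say "UDP PACKET"
    return pkt

def port_matches(spec: str, port: int) -> bool:
    """Match pf port syntax: a single port ("137") or a range ("49152:65535")."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

@dataclass
class Rule:
    action: str                        # "pass" or "block"
    direction: Optional[str] = None    # "in", "out", or None for either
    proto: tuple = ("tcp", "udp")
    dport: Optional[str] = None        # destination port spec; None matches any port
    quick: bool = False

    def matches(self, pkt: dict) -> bool:
        return (self.direction in (None, pkt["direction"])
                and pkt["proto"] in self.proto
                and (self.dport is None or port_matches(self.dport, pkt["dport"])))

def evaluate(rules, pkt: dict) -> str:
    """pf semantics: the last matching rule wins, unless a matching rule carries 'quick'."""
    decision = "pass"                  # pf's default when nothing matches
    for rule in rules:
        if rule.matches(pkt):
            decision = rule.action
            if rule.quick:
                break
    return decision

# Constructed subset of the posted ruleset, in file order: "block in log", then the port 137 rule.
ORIGINAL = [Rule("block", "in"), Rule("pass", "in", ("udp",), "137")]
WITH_HIGH_PORTS = ORIGINAL + [Rule("pass", "in", ("tcp", "udp"), "49152:65535")]
```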