jonathan michaels wrote:
> On Tue, Sep 11, 2007 at 02:07:45AM -0700, Kian Mohageri wrote:
[...]
> yes, kian, my basic problem is that english is not my first language
> and i still have difficulty understanding the way that teh document is
> written.

Even if you are not a native English speaker, please use "the" and not
"teh". It is hard to read your sentences.
>>Focus on understanding how the directions work (e.g. pass in vs. pass
>>out) and also 'keep state.' Understanding states is critical... have
>>you figured out how those work yet?
>
>
> i think that i have .. but, i have a way to go yet i think. learning
> for me is a hard process of reading and reading and reading until i
> understand it and i can get it past teh damaged bits of my brain.
>
> sorry, i don't have any other way of explaining what is going on.

I am using PF on my servers and I am using the following two lines to
allow incoming & outgoing pings:

# Allow pings and replies while keeping state
pass out quick on $ext_if inet proto icmp icmp-type 8 code 0 keep state
pass in quick on $ext_if inet proto icmp icmp-type 8 code 0 keep state

Where $ext_if is ext_if="bge0"

>>Are you filtering on a router? Switch? Server?
>
>
> pentium 133 mhz that is running freebsd v6.2 and i am using the
> included version pf. so i suppose that it is a server, yes ??
>
> my internet connection is via a v.90 dialup modem that provides me a
> permanent connected ppp style connection/account (been using some 10
> plus years).
>
> ext_if=ppp0 = this is teh modem, on serial (comm0/cuad0) port 1
> int_if=de0 = nic, accton en1203 21040 (a digital 10 mhz clone)
>
> this is all that there is, so i suppose its a simple router ??
>
> i am thinking of using pf to defend all teh internal machines from
> stuff that makes it through the firewall, is this possible (there seems
> to be nothing, that i have been able to find/understand in teh doc or
> via google) ??
>
> this means that i am looking at using ipfw as a secondary firewall, or
> just as a filter kind of thing to keep out the stuff that is making it
> through the firewall.

I don't understand what you mean...
There is no reason to use more than one firewall on the machine and PF
is just fine.

Miroslav Lachman
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
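
Added example, not part of the original message and not PF's own code: a simplified Python model of why the two "icmp-type 8 ... keep state" rules quoted above are enough for pings in both directions. The class name, the documentation-range addresses and the default-block policy are assumptions made for the illustration.

```python
# Simplified model of pf-style stateful ICMP filtering (illustration, not pf's code).
ECHO_REPLY, ECHO_REQUEST = 0, 8
OPPOSITE = {"in": "out", "out": "in"}


class ExtIf:
    """Hypothetical stand-in for the filtering done on $ext_if."""

    def __init__(self, pass_rules):
        self.pass_rules = set(pass_rules)  # (direction, icmp_type), each with "keep state"
        self.states = set()                # (direction, src, dst, icmp_id) of passed requests

    def filter(self, direction, src, dst, icmp_type, icmp_id):
        """Return 'pass' or 'block' for one ICMP packet."""
        # The state table is consulted before the rules: an echo reply passes
        # only if it answers a request that was passed earlier (opposite
        # direction, addresses swapped, same ICMP id).
        if icmp_type == ECHO_REPLY and \
                (OPPOSITE[direction], dst, src, icmp_id) in self.states:
            return "pass"
        # No state: evaluate the pass rules; a match creates a state entry.
        if (direction, icmp_type) in self.pass_rules:
            self.states.add((direction, src, dst, icmp_id))
            return "pass"
        return "block"  # assumed default-block policy


US, PEER = "192.0.2.10", "198.51.100.7"  # constructed documentation addresses


def demo():
    # The two rules from the message: echo request (type 8) out and in.
    fw = ExtIf([("out", ECHO_REQUEST), ("in", ECHO_REQUEST)])
    return [
        fw.filter("out", US, PEER, ECHO_REQUEST, 1),  # our ping leaves
        fw.filter("in", PEER, US, ECHO_REPLY, 1),     # its reply matches state
        fw.filter("in", PEER, US, ECHO_REPLY, 99),    # unsolicited reply
        fw.filter("in", PEER, US, ECHO_REQUEST, 5),   # peer pings us
        fw.filter("out", US, PEER, ECHO_REPLY, 5),    # our reply matches state
    ]


if __name__ == "__main__":
    print(demo())
```

No rule mentions ICMP type 0 (echo reply); replies are accepted only through the state created by a passed request.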