Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: PF firewall question (new to PF)
Special Forums Cybersecurity PF firewall question (new to PF) Post 302258456 by glen.barber on Friday 14th of November 2008 03:45:15 PM
Old 11-14-2008
The idea is to block all traffic by default, and explicity allow traffic you want.

Remember when writing your rules, that PF operates in a 'top-down' fashion, meaning:
Code:
block all
allow all

would allow all traffic, as it overrides the 'block all' rule.
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

What Firewall do you use?

Just out of curiosity, I see a lot of people here use Linux IPTables as their firewall. Anyone here use something else like OpenBSD PF or *BSD IPF, IPFW? I'm quite fond of OpenBSD and their Packet Filters. I find their syntax much easier to manage and from my personal experience, I find them... (5 Replies)
Discussion started by: tarballed
5 Replies

2. Cybersecurity

Looking Out from Behind a Firewall

Would it be possible to restrict access to internet pages in the following way? A machine: IP = 128.1.17.123 Only pages from domains of the type "go.jp" and "ne.jp" are viewable. All others are not viewable or only partly viewable. B machine: IP = 128.1.17.146 Regardless of the domain... (4 Replies)
Discussion started by: mntamago
4 Replies

3. IP Networking

Question about pf firewall

If I have a redirect ruleset do I need to allow those ports as well? I.e., if I have this: rdr on $ext proto tcp from any to ($ext) port 22 -> 10.0.0.87 port 12345 Do I need this? pass in on $ext proto tcp from any to ($ext) port 22 (1 Reply)
Discussion started by: sporky
1 Replies

4. Cybersecurity

help with firewall

hi everyone I am a newbee to firewall scripting. cannot understand how to write rules per host. in ip6tables. anyone plz:( (2 Replies)
Discussion started by: xecutioner
2 Replies

5. AIX

Firewall

:b:Hi,, How do configure firewall in aix.. similar to linux iptable. Rgards, k.sumathi. (3 Replies)
Discussion started by: sumathi.k
3 Replies

6. Cybersecurity

Firewall bypass or stepping stone security question

Hi, I really do not know how to describe this problem; but, I think it's a firewall issue. My Distro is Slackware 12.0 (somewhat updated). My company firewall uses Netfilter and the e-mail server uses Sendmail. Let's say the firewall's Ext IP = A and Internal DMZ IP = B. The firewall's... (0 Replies)
Discussion started by: cc_ew
0 Replies

7. SuSE

Firewall

Is there a command line interface to the firewall? (4 Replies)
Discussion started by: jgt
4 Replies

8. Linux

Firewall?

Dear All I have put my windows machine behind my centos firewall server with just one NIC. At now, the windows machine can ping 192.9.9.3 but cannot resolve valid url (like www.google.com). I have set DNS for it as well. Can you please let me know what is the missing step? Thank you (6 Replies)
Discussion started by: hadimotamedi
6 Replies

9. Cybersecurity

Firewall

Hey Guys, I am looking for a good firewall software to implement in medium/large office, with at least 150 users. I was hopping you guys could help me on this one. Regards, (4 Replies)
Discussion started by: andrevicente
4 Replies

LEARN ABOUT CENTOS

firewalld.conf

FIREWALLD.CONF(5)						  firewalld.conf						 FIREWALLD.CONF(5)

NAME

       firewalld.conf - firewalld configuration file

SYNOPSIS

       /etc/firewalld/firewalld.conf

DESCRIPTION

       firewalld.conf is loaded by firewalld during the initialization process. The file contains the basic configuration options for firewalld.

OPTIONS

       These are the options that can be set in the config file:

       DefaultZone
	   This sets the default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or
	   command line tool. The default zone is public.

       MinimalMark
	   For some firewall settings several rules are needed in different tables to be able to handle packets in the correct way. To achieve
	   that these packets are marked using the MARK target iptables(8) and ip6tables(8). With the MinimalMark option a block of marks can be
	   reserved for private use; only marks over this value are used. The default MinimalMark value is 100.

       CleanupOnExit
	   If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched.
	   The default value is yes or true.

       Lockdown
	   If this option is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown
	   whitelist (see firewalld.lockdownwhitelist(5)). The default value is no or false.

SEE ALSO

       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES

       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS

       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.9 														 FIREWALLD.CONF(5)
All times are GMT -4. The time now is 10:21 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy