Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: PF firewall question (new to PF)
Special Forums Cybersecurity PF firewall question (new to PF) Post 302258456 by glen.barber on Friday 14th of November 2008 03:45:15 PM
Old 11-14-2008
The idea is to block all traffic by default, and explicity allow traffic you want.

Remember when writing your rules, that PF operates in a 'top-down' fashion, meaning:
Code:
block all
allow all

would allow all traffic, as it overrides the 'block all' rule.
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

What Firewall do you use?

Just out of curiosity, I see a lot of people here use Linux IPTables as their firewall. Anyone here use something else like OpenBSD PF or *BSD IPF, IPFW? I'm quite fond of OpenBSD and their Packet Filters. I find their syntax much easier to manage and from my personal experience, I find them... (5 Replies)
Discussion started by: tarballed
5 Replies

2. Cybersecurity

Looking Out from Behind a Firewall

Would it be possible to restrict access to internet pages in the following way? A machine: IP = 128.1.17.123 Only pages from domains of the type "go.jp" and "ne.jp" are viewable. All others are not viewable or only partly viewable. B machine: IP = 128.1.17.146 Regardless of the domain... (4 Replies)
Discussion started by: mntamago
4 Replies

3. IP Networking

Question about pf firewall

If I have a redirect ruleset do I need to allow those ports as well? I.e., if I have this: rdr on $ext proto tcp from any to ($ext) port 22 -> 10.0.0.87 port 12345 Do I need this? pass in on $ext proto tcp from any to ($ext) port 22 (1 Reply)
Discussion started by: sporky
1 Replies

4. Cybersecurity

help with firewall

hi everyone I am a newbee to firewall scripting. cannot understand how to write rules per host. in ip6tables. anyone plz:( (2 Replies)
Discussion started by: xecutioner
2 Replies

5. AIX

Firewall

:b:Hi,, How do configure firewall in aix.. similar to linux iptable. Rgards, k.sumathi. (3 Replies)
Discussion started by: sumathi.k
3 Replies

6. Cybersecurity

Firewall bypass or stepping stone security question

Hi, I really do not know how to describe this problem; but, I think it's a firewall issue. My Distro is Slackware 12.0 (somewhat updated). My company firewall uses Netfilter and the e-mail server uses Sendmail. Let's say the firewall's Ext IP = A and Internal DMZ IP = B. The firewall's... (0 Replies)
Discussion started by: cc_ew
0 Replies

7. SuSE

Firewall

Is there a command line interface to the firewall? (4 Replies)
Discussion started by: jgt
4 Replies

8. Linux

Firewall?

Dear All I have put my windows machine behind my centos firewall server with just one NIC. At now, the windows machine can ping 192.9.9.3 but cannot resolve valid url (like www.google.com). I have set DNS for it as well. Can you please let me know what is the missing step? Thank you (6 Replies)
Discussion started by: hadimotamedi
6 Replies

9. Cybersecurity

Firewall

Hey Guys, I am looking for a good firewall software to implement in medium/large office, with at least 150 users. I was hopping you guys could help me on this one. Regards, (4 Replies)
Discussion started by: andrevicente
4 Replies

LEARN ABOUT PLAN9

ipfirewall

IPFW(4) 						   BSD Kernel Interfaces Manual 						   IPFW(4)

NAME

     ipfw -- IP packet filter and traffic accounting

SYNOPSIS

     To compile ipfw into the kernel, place the following option in the kernel configuration file:

	   options IPFIREWALL

     Other kernel options related to ipfw which may also be useful are:

	   options IPFIREWALL_DEFAULT_TO_ACCEPT
	   options IPFIREWALL_FORWARD
	   options IPFIREWALL_VERBOSE
	   options IPFIREWALL_VERBOSE_LIMIT=100

     To load ipfw as a module at boot time, add the following line into the loader.conf(5) file:

	   ipfw_load="YES"

DESCRIPTION

     The ipfw system facility allows filtering, redirecting, and other operations on IP packets travelling through network interfaces.

     The default behavior of ipfw is to block all incoming and outgoing traffic.  This behavior can be modified, to allow all traffic through the
     ipfw firewall by default, by enabling the IPFIREWALL_DEFAULT_TO_ACCEPT kernel option.  This option may be useful when configuring ipfw for
     the first time.  If the default ipfw behavior is to allow everything, it is easier to cope with firewall-tuning mistakes which may acciden-
     tally block all traffic.

     To enable logging of packets passing through ipfw, enable the IPFIREWALL_VERBOSE kernel option.  The IPFIREWALL_VERBOSE_LIMIT option will
     prevent syslogd(8) from flooding system logs or causing local Denial of Service.  This option may be set to the number of packets which will
     be logged on a per-entry basis before the entry is rate-limited.

     Policy routing and transparent forwarding features of ipfw can be enabled by IPFIREWALL_FORWARD kernel option.

     The user interface for ipfw is implemented by the ipfw(8) utility, so please refer to the ipfw(8) manpage for a complete description of the
     ipfw capabilities and how to use it.

SEE ALSO

     setsockopt(2), divert(4), ip(4), ipfw(8), sysctl(8), syslogd(8), pfil(9)

BSD
								 September 1, 2006							       BSD
All times are GMT -4. The time now is 04:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy