pf not working properly even with only "pass in all" and "pass out all" rules
i have two rules in my pf.conf file, "pass in all" and "pass out all"
i was having issues with getting pf working to begin with, so i went with
starting from nothing and working on up.
i have an ultrasparc ultra1 200e, with an added 4-port fast ethernet sbus
card, running "3.4 GENERIC#85 sparc64"
i have my access server on one and my workstation on two separate ports that
are different networks.
i can ping the access server from my workstation and my OBSD box, however, i
can't telnet to the access server from my workstation. i can telnet to the
access server through the OBSD box.
Are you sure that it's the packet filter's fault? If you try to disable PF, are you able to telnet to the box?
The machines are on different networks, the problem might be a gateway issue too... check the default gateway...
now if you're going from the LAN to the WAN do you need to have a separate pass in rule on hme0, and then a corresponding pass out rule on hme4? or... does the "keep state" allow you to only have a pass in statement involving hme0, where the OBSD box will have the intelligence to know that the outbound traffic will be sent out of hme4 and return on hme and then be sent to hme0, which will then take it to a workstation?
example of what i mean...do you have to have,
pass in on $int_if proto tcp from $hosts to $ext_ip modulate state
pass out on $ext_if proto tcp from $hosts to $ext_ip modulate state
or can you work with only:
pass in on $int_if proto tcp from $hosts to $ext_ip modulate state
I don't know if I understood your question...
If your default rule is to block everything, then you have to specify exactly what you want to access (or what you want to access you!)... so, if your default rule is to block all, then you have to specify that you want to allow traffic in and out... otherwise, you don't need any of them, all traffic will be allowed...
Let me try to explain the "keep state" and see if it fits on your solution...
You have SSHd (for example) running on the server A and you want all clients to be able to use it... you only need to specify one rule, the "in" rule, and the filter will be able to detect that the connection that goes out belongs to the same connection that was started before... you have to specify on the server that you want to allow port 22 in, keeping state... instead of specifying that you want to allow connections in and out on that port...
If it doesn't look simple, it's because English is not my first language, because it is simple... :-)
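Added example, not part of the original thread: a pf.conf fragment that puts the two cases discussed above side by side, traffic forwarded through the box and a service running on the box itself. The interface roles (hme0 on the LAN side, hme4 on the WAN side) follow the question; the address range and the telnet port are assumptions.

```pf
# Constructed example: forwarding firewall with a default-deny policy.
# Forwarding between the two networks also requires
#   sysctl net.inet.ip.forwarding=1

int_if = "hme0"                 # LAN side, as in the question
ext_if = "hme4"                 # WAN side, as in the question
hosts  = "192.168.1.0/24"       # placeholder LAN range (assumption)

block all                       # default deny, both directions, every interface

# Case 1: traffic forwarded through the box.
# A forwarded packet is filtered twice: once coming in on $int_if and once
# going out on $ext_if. With "block all" in place both rules are needed.
# Each rule creates its own state entry, and that state entry lets the
# replies of the same connection back through that interface, so no
# separate rules are written for the return direction.
pass in  on $int_if proto tcp from $hosts to any port 23 flags S/SA modulate state
pass out on $ext_if proto tcp from $hosts to any port 23 flags S/SA modulate state

# Case 2: a service on the firewall itself (the SSHd case in the reply).
# The connection crosses only one interface, so a single stateful rule is
# enough; the replies from sshd match the state and leave without a
# "pass out" rule.
pass in on $int_if proto tcp from $hosts to $int_if port 22 flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -ss` lists the state entries once traffic is flowing, which shows one entry per interface for a forwarded connection.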