Thread: pf.conf
View Single Post
  #1   (View Single Post)  
Old 17th September 2008
lumiwa lumiwa is offline
Package Pilot
 
Join Date: May 2008
Posts: 145
Default pf.conf

I have a "problem" with pf firewall and I don't know how to save it...

My system: FreeBSD 7.0, cable Internet, D-Link DI-604 (standalone computer). I run also pf firewall and

pfctl -s rules are:

No ALTQ support in kernel
ALTQ related functions disabled
scrub in all fragment reassemble
block drop in quick on ! sk0 inet from 192.168.0.0/24 to any
block drop in quick inet from 192.168.0.100 to any
block drop in log quick on sk0 all label "inblock"
pass out on sk0 inet proto tcp all flags S/SA modulate state
pass out on sk0 inet proto udp all keep state
pass out on sk0 inet proto icmp all icmp-type echoreq code 0 keep state


pf.conf:

# Macros
ext_if="sk0"
# Optimization
set optimization normal
set block-policy drop
set loginterface $ext_if
set skip on lo0
# NOrmalization
scrub in all
# Filtering
antispoof quick for $ext_if
# Closed from outside
block in log quick on $ext_if all label "inblock"
# Open to out
pass out on $ext_if inet proto tcp all flags S/SA modulate state
pass out on $ext_if inet proto udp all keep state
# ping out
pass out on $ext_if inet proto icmp all icmp-type 8 code 0 keep state

/var/log/pflog has everytime something like:

Date Interface Action Rule Direction Protocol Src. address Src. port Dest. address Dest. port
2008-09-15 19:22:50.503247 sk0 drop 2 in udp 192.168.0.102 138 192.168.0.255 138
2008-09-15 19:22:50.503257 sk0 drop 2 in udp 192.168.0.102 137 192.168.0.255 137
2008-09-15 19:22:51.252843 sk0 drop 2 in udp 192.168.0.102 137 192.168.0.255 137
2008-09-15 19:22:52.2844 sk0 drop 2 in udp 192.168.0.102 137 192.168.0.255 137
2008-09-15 19:24:20.994079 sk0 drop 2 in udp 192.168.0.102 138 192.168.0.255 138
2008-09-15 19:31:07.487049 sk0 drop 2 in udp 192.168.0.102 138 192.168.0.255 138
2008-09-15 19:33:20.124759 sk0 drop 2 in udp 0.0.0.0 68 255.255.255.255 67
2008-09-15 19:33:20.125243 sk0 drop 2 in udp 192.168.0.1 67 255.255.255.255 68
2008-09-15 19:33:20.125638 sk0 drop 2 in udp 0.0.0.0 68 255.255.255.255 67
2008-09-15 19:33:20.126140 sk0 drop 2 in udp 192.168.0.1 67 255.255.255.255 68
2008-09-15 19:33:24.982418 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:25.726406 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:26.477591 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:27.228664 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:27.980047 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:28.730837 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:29.481915 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:30.233010 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:31.551535 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:32.296118 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:32.524082 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:32.524177 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:33.47201 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:33.267571 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:33.267577 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:34.18655 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:34.18662 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:36.213991 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:36.962973 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:37.714053 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:38.465135 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:39.217315 sk0 drop 2 in udp 192.168.0.101 138 192.168.0.255 138
2008-09-15 19:33:39.252561 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:39.252566 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:39.997453 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:39.997460 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:40.748539 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:40.748546 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:54.449456 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:55.199743 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:33:55.950922 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:34:39.844677 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:34:40.586470 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:34:41.337554 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:42.98290 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:42.847972 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:43.2136 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:43.599052 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:43.749225 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:44.500413 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:49.829380 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:50.580947 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:51.330445 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:56.630255 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
2008-09-15 19:35:57.379338 sk0 drop 2 in udp 192.168.0.101 137 192.168.0.255 137
.....
.....

Thanks in advance.

Last edited by lumiwa; 17th September 2008 at 09:11 PM.
Reply With Quote