15th February 2012
kbeaucha
ftp proxy and pf.conf rules (From The Book of PF, 2nd Ed)

I am updating my primary firewall to 5.0 and taking the opportunity to clean up my ruleset a little at the same time.

I am using The Book of PF 2nd Edition as a guide to setting up the ftp proxy.

The book says I'll only need three things in my pf.conf to make the proxy work (after enabling ftpproxy_flags in rc.conf.local):

The anchor line - anchor "ftp-proxy/*"
A pass in rule - pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
A pass out rule - pass out proto tcp from $proxy to any port ftp

I originally had more restrictive pass rules in place, but pfctl wouldn't load the ruleset because it said the "proxy" macro wasn't defined, so I entered the lines as written, but I get the same warning.

Am I supposed to substitute something for $proxy in my rules, or is that pass-out implicit in the proxy?

Thanks
kmb