DaemonForums > OpenBSD > OpenBSD Security

Pf problem

#1, 24th May 2011, joostvgh (Port Guard; Join Date: Jan 2010; Posts: 38)

Here's my pf ruleset:

Code:
# vi /etc/pf.conf
table <internet> { 0.0.0.0/0 }

tcp_services    = "{ ssh, www, http, https, domain, auth, 1863, 21, 20, 25, 110, 143, 465, 993, 995, 3724, 6112, 1119, 1700, 25565 }"
udp_services    = "{ domain }"

intern_ip       = "192.168.2.0/24"
dns_ip          = "{ 195.238.2.21, 195.238.2.22}"
rapidshare_ip   = "{ 195.122.131.0/24, 62.67.50.0/24, 212.162.2.0/24, 62.140.7.0/24, 130.117.156.250}"
firewall_ip     = "{192.168.2.1, 127.0.0.1}"

ext_if = "dc0"
int_if = "rl0"
loc_if = "lo0"

#NAT
nat pass on $ext_if from $int_if:network to any -> $ext_if

pass in quick on $loc_if from $firewall_ip
pass out quick on $loc_if from $firewall_ip

block all

#block rps
block in quick on $int_if inet proto tcp from $intern_ip to $rapidshare_ip

#default tcp traffic
pass in quick on $int_if inet proto tcp from $intern_ip to any port $tcp_services
pass out quick on $ext_if inet proto tcp from $ext_if to any port $tcp_services

#to darkstat page
pass in quick on $int_if inet proto tcp from $intern_ip to $firewall_ip port 667

#dns
pass in quick on $int_if inet proto udp from $intern_ip to $dns_ip port "domain"
pass out quick on $ext_if inet proto udp from $ext_if to $dns_ip port "domain"

#ssh to firewall
pass in quick on $int_if inet proto tcp from $intern_ip to $ext_if port 22

#ping
pass in quick on $int_if inet proto icmp from $intern_ip to any icmp-type "echoreq"
pass out quick on $int_if inet proto icmp from $intern_ip to any icmp-type "echoreq"

Yet still (http://img542.imageshack.us/i/113v.jpg/) people are using ports that should be closed.
I am quite certain this is done by using torrents.
Also I installed a DNS spoofer which blocks all URLs containing the word *tracker*, so torrents should be blocked by pf *and* by dnsspoof.
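An added example (not the poster's ruleset, and not a diagnosis of the screenshot) showing the one thing a reviewer would check first: in the pre-4.7 pf syntax this ruleset uses, the `pass` keyword on a `nat` rule passes translated packets without ever evaluating the filter rules, so the `pass out ... port $tcp_services` restriction on $ext_if is never consulted for NATed LAN traffic. The fragment keeps the post's interface names and a shortened $tcp_services (both assumed for the example), drops `pass` from the NAT rule (with the OpenBSD 4.7+ `match ... nat-to` equivalent commented alongside), and adds `log` so pflog shows which rule actually passes an unexpected flow.

```conf
# Added example, not the original poster's ruleset. Interface macros as in
# the post; $tcp_services shortened for readability.
ext_if       = "dc0"
int_if       = "rl0"
tcp_services = "{ ssh, www, https, domain, auth, 25, 110, 143 }"

# --- OpenBSD 4.6 and earlier (the syntax the post uses) ---
# "nat pass" hands translated packets through WITHOUT evaluating the filter
# rules below, so "pass out ... port $tcp_services" never sees NATed LAN
# traffic. Without "pass", the outbound filter rules apply as intended.
nat on $ext_if from $int_if:network to any -> $ext_if

# --- OpenBSD 4.7 and later: the same translation as a match rule ---
# (a match rule never passes traffic by itself; a pass rule must still match)
# match out on $ext_if from $int_if:network to any nat-to ($ext_if)

# Default deny, logged, so every dropped packet is visible in pflog.
block log all

# Log the pass rules too, so pflog shows which rule let a flow through.
pass in  log quick on $int_if inet proto tcp from $int_if:network to any port $tcp_services
pass out log quick on $ext_if inet proto tcp to any port $tcp_services

# Check the syntax without loading it, then watch which rule numbers fire
# (rule number and action appear in the pflog header with -e):
#   pfctl -nvf /etc/pf.conf
#   tcpdump -n -e -ttt -i pflog0
#   pfctl -vsr        (per-rule evaluation, packet and state counters)
```

Running with `log` on the pass rules is noisy; it is meant for a short troubleshooting window, after which the `log` keyword can be removed from the pass rules and kept on the `block`.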