DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 18th June 2008
aleunix aleunix is offline
Real Name: Alessandro
Spam Deminer
 
Join Date: May 2008
Location: Italy
Posts: 224
Thanked 3 Times in 3 Posts
Default Problem using pkg with pf enabled

Problem using pkg with pf enabled on FreeBSD 7.0

I have problem with pf enabled.

The first time i have used the same configuration that i adopted on openbsd 4.3.

Subsequently I have reduced the firewall using the example in freebsd 7.0.

When the pf is enabled i can use browser, i can access on my web-mail but i can install or upgrade package with the usual command pkg_add.

I don't understand the problem.

pf.conf
Code:
ext_if="le0"

set skip on lo

scrub in

block in
pass out

antispoof quick for lo
sudo pfctl -sa
Code:
FILTER RULES:
scrub in all fragment reassemble
block drop in all
pass out all flags S/SA keep state
block drop in quick on ! lo inet6 from ::1 to any
block drop in quick on ! lo inet from 127.0.0.0/8 to any
block drop in quick on lo0 inet6 from fe80::1 to any
block drop in quick inet6 from ::1 to any
block drop in quick inet from 127.0.0.1 to any

INFO:
Status: Enabled for 0 days 00:24:20           Debug: Urgent

State Table                          Total             Rate
  current entries                        0               
  searches                            2511            1.7/s
  inserts                              115            0.1/s
  removals                             115            0.1/s
Counters
  match                                261            0.2/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

TIMEOUTS:
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
adaptive.start             6000 states
adaptive.end              12000 states
src.track                     0s

LIMITS:
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   200000

OS FINGERPRINTS:
696 fingerprints loaded
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Boot problem. Geometry problem? gulanito FreeBSD Installation and Upgrading 0 3rd July 2009 03:03 AM
Marvell Yukon driver cannot load with ACPI enabled GullibleJones FreeBSD General 2 15th September 2008 02:58 PM
Trouble with ftp with pf enabled kasse FreeBSD General 8 24th August 2008 11:25 PM


All times are GMT. The time now is 08:39 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick