DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 27th July 2015
daemonbak daemonbak is offline
Fdisk Soldier
 
Join Date: Feb 2015
Posts: 51
Default pf.conf SEVER link and block/drop all data in and out from ip

I have been struggling to block all outbound inbound to an IP when a certain anchor is loaded.

basically, load anchor - kill all data to and from certain ip or ips if in variable.
unload anchor and all data will be sent and received through firewall.

However, they keep sending out data and recieving data after I load the block rules. Only after I reboot the firewall does the rule take effect.

Perhaps since the connection is already established, it won't obey the block rule?

Thanks.

Can post code later when ssh'd onto system.

Thanks
Reply With Quote
  #2   (View Single Post)  
Old 27th July 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,292
Default

See the pfctl(8) -K and -k options.
Reply With Quote
  #3   (View Single Post)  
Old 28th July 2015
daemonbak daemonbak is offline
Fdisk Soldier
 
Join Date: Feb 2015
Posts: 51
Default

I am still getting data going out to the interwebs from ips below. Verified through outside connection coming back in to 3 vpns.

Tried:
Quote:
pfctl -K 192.168.10.7 -K 192.168.10.8
Also Tried:
Quote:
pfctl -k 192.168.10.7 -k 192.168.10.8
Result:

Quote:
killed 0 src nodes from 1 sources and 1 destinations
I have tried the following blocks with no luck
(past attempts commented out for reference):

Quote:
### Declare internal interfaces
all_if="{ em0 em1 em2 }"
int_if="{ em1 em2 }"

### Declare special devices
workdamnyou="{ 192.168.10.7 192.168.10.8 }"



######################################
######## Blocking Traffic #######
######################################

#block out quick log on egress from any to $workdamnyou
#block out quick log on egress from $workdamnyou to any
#block in quick log on egress from any to $workdamnyou
#block in quick log on egress from $workdamnyou to any

#block in log quick on $int_if from $workdamnyou to any

block in log quick on $all_if from $workdamnyou to any
block in log quick on $all_if from any to $workdamnyou


Here is my block readout when anchor rule loaded:

Quote:
block drop in log quick on em0 inet from 192.168.10.7 to any
block drop in log quick on em0 inet from 192.168.10.8 to any
block drop in log quick on em0 inet from any to 192.168.10.7
block drop in log quick on em0 inet from any to 192.168.10.8
block drop in log quick on em1 inet from 192.168.10.7 to any
block drop in log quick on em1 inet from 192.168.10.8 to any
block drop in log quick on em1 inet from any to 192.168.10.7
block drop in log quick on em1 inet from any to 192.168.10.8
block drop in log quick on em2 inet from 192.168.10.7 to any
block drop in log quick on em2 inet from 192.168.10.8 to any
block drop in log quick on em2 inet from any to 192.168.10.7
block drop in log quick on em2 inet from any to 192.168.10.8
Reply With Quote
  #4   (View Single Post)  
Old 28th July 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,292
Default

I think you may have misread the man page. First, it is the -k option (lower case) which kill states. And, when you use it with two addresses, it will only kill existing states established between the two addresses. However, you selected two addresses on a local subnet where traffic would not be routed. Those two devices would communicate without transiting your firewall.

Look at the simple network below. Communication between two workstations on the local network doesn't involve the router at all.
Code:
{internet} - [router] - [workstations]
If you want to kill all states established between <workstation A> and anywhere on the internet, use: # pfctl -k <workstation A> without using a second address.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Connectivity Drop alpha202ej OpenBSD Security 1 19th April 2012 04:58 PM
Xtracting Data after Fragmentation / Block Count / Partition Problems on Boot IronForge OpenBSD Installation and Upgrading 3 16th December 2010 01:09 AM
Clickjacking 2.0 with drag & drop J65nko News 0 17th April 2010 07:54 PM
kde .desktop file link doesn't act like a link when opening files caesius FreeBSD Ports and Packages 3 14th October 2008 07:35 AM


All times are GMT. The time now is 06:08 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick