DaemonForums  

23rd October 2008
bsdnewbie999

packet filter configuration.

# MACROS
vm_ether = "vic0"
friends = "{ 87.248.113.14, 129.128.5.191, 209.85.175.147 }"

# DEFAULT DENY
block in on $vm_ether all
pass in on $vm_ether from $friends to any
#block out all


I had the filtering rules above, and they should block incoming packets from any IP address except those in the friends macro, but I am still able to get ping reply packets from hosts other than $friends. Why?

23rd October 2008
robbak
Real Name: Robert Backhaus

pf creates state by default. By pinging other hosts, you are creating state that allows the replies back in.

Edit: http://www.openbsd.org/faq/pf/filter.html#state
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

Last edited by robbak; 23rd October 2008 at 08:57 AM.
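
An added example, not part of the original posts: a simplified Python model of the behaviour the answer describes, where pf consults its state table before evaluating rules, so a reply to an outbound ping bypasses `block in`. It assumes an explicit stateful `pass out` rule that the posted ruleset does not show; the addresses 192.0.2.10 and 198.51.100.7 are constructed, and the state key is reduced to protocol plus address pair.

```python
from dataclasses import dataclass
from typing import Optional

FRIENDS = frozenset({"87.248.113.14", "129.128.5.191", "209.85.175.147"})
ME, STRANGER = "192.0.2.10", "198.51.100.7"   # constructed documentation addresses

@dataclass(frozen=True)
class Rule:
    action: str                       # "pass" or "block"
    direction: str                    # "in" or "out"
    src: Optional[frozenset] = None   # None means "any"
    keep_state: bool = True           # pass rules keep state unless told otherwise

def ruleset(out_keeps_state=True):
    return [
        Rule("block", "in"),                              # block in on $vm_ether all
        Rule("pass", "in", FRIENDS),                      # pass in on $vm_ether from $friends to any
        Rule("pass", "out", keep_state=out_keeps_state),  # ASSUMED rule, not in the posted ruleset
    ]

class Firewall:
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def filter(self, direction, src, dst, proto="icmp"):
        # Simplified state key: protocol plus the unordered address pair.
        key = (proto, frozenset((src, dst)))
        if key in self.states:            # state lookup happens before rule evaluation
            return ("pass", "state")
        match = None
        for rule in self.rules:           # without "quick", the last matching rule wins
            if rule.direction == direction and (rule.src is None or src in rule.src):
                match = rule
        if match is None:                 # no rule matched: pf's implicit default is pass
            return ("pass", "default")
        if match.action == "pass" and match.keep_state:
            self.states.add(key)          # later packets of this flow skip the ruleset
        return (match.action, "rule")

def ping_exchange(out_keeps_state):
    fw = Firewall(ruleset(out_keeps_state))
    return [
        fw.filter("in", STRANGER, ME),    # unsolicited echo request from a non-friend
        fw.filter("out", ME, STRANGER),   # our own echo request going out
        fw.filter("in", STRANGER, ME),    # the echo reply coming back
    ]

if __name__ == "__main__":
    print("stateful pass out:", ping_exchange(True))
    print("pass out no state:", ping_exchange(False))
```

In the model, the unsolicited request from a non-friend is blocked in both runs; only the reply to our own ping gets in, and only when the outbound rule keeps state.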