DaemonForums  


OpenBSD Security Functionally paranoid!

  #1   (View Single Post)  
Old 30th January 2009
marc marc is offline
Port Guard
 
Join Date: Jul 2008
Location: Poland
Posts: 25
Thanked 0 Times in 0 Posts
TIP: a nice way to make your pf more "stealth"

Code:
pass out inet proto icmp all icmp-type 8 code 0 keep state
pass out proto udp all keep state
pass out proto tcp all modulate state
What do you think about it? Do you have something better - more useful?
  #2   (View Single Post)  
Old 30th January 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,142
Thanked 182 Times in 149 Posts

Those rules don't make an OBSD firewall stealth. Making sure that the block policy is drop does.
An alternative could be to use a bridge, where the 2 interfaces have no IP addresses but where you still can filter traffic.

BTW, keep state has already been the default for several releases, and thus does not need to be specified anymore.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
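
The check described in the reply above, as an added example that is not part of the thread: a small Python audit that reads a pf.conf and reports block rules whose effective action (written on the rule, or inherited from `set block-policy`) answers probes instead of dropping them, plus pass rules that still spell out `keep state`. The block rules and addresses in the sample are constructed, and the parser is a sketch for simple rules, not a full pf.conf(5) grammar.

```python
import re

# Block actions that answer the sender (TCP RST or ICMP unreachable).
REPLYING = {"return", "return-rst", "return-icmp", "return-icmp6"}

def logical_lines(text):
    """Yield (first_line_no, rule): comments stripped, '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf, start = "", None

def audit(text):
    """Return [(line_no, finding, rule)] for a pf.conf passed as a string."""
    rules = list(logical_lines(text))
    policy = "drop"  # pf's default when the file has no "set block-policy"
    for _, rule in rules:
        if m := re.match(r"set\s+block-policy\s+(\S+)", rule):
            policy = m.group(1)  # this sketch takes the last one it sees
    findings = []
    for no, rule in rules:
        words = rule.split()
        if words[0] == "block":
            action = words[1].split("(")[0] if len(words) > 1 else ""
            if action not in REPLYING | {"drop"}:
                action = policy  # no action on the rule: global policy applies
            if action in REPLYING:
                findings.append((no, "block rule answers probes", rule))
        elif words[0] == "pass" and re.search(r"\bkeep\s+state\b", rule):
            findings.append((no, "keep state is already the default", rule))
    return findings

# Constructed sample: the three rules from post #1 plus hypothetical block rules.
SAMPLE = r"""set block-policy return
block in all
block drop in from 192.0.2.0/24 to any
block return-rst in proto tcp from any \
    to any port 113
pass out inet proto icmp all icmp-type 8 code 0 keep state
pass out proto udp all keep state
pass out proto tcp all modulate state
"""

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

On the sample, lines 2 and 4 are reported as answering probes (line 3 is not, because `drop` on the rule overrides the global `return`), and lines 6 and 7 are reported for the redundant `keep state`.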
  #3   (View Single Post)  
Old 30th January 2009
marc marc is offline
Port Guard
 
Join Date: Jul 2008
Location: Poland
Posts: 25
Thanked 0 Times in 0 Posts

Thank you for your suggestions. I'm sort of an old-fashioned man.
Well, it looks like there is sense in putting a "drop" rule there.

Tags
hide, pf, stealth
