DaemonForums  

#1
14th September 2010
spaghetti_bolognese
Help needed with PF ruleset

I'm learning PF firewall for now and I'm looking at OpenBSD's page on PF.

I'm looking at the example and there's this line that I don't quite understand.

Code:
pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services
I'm not sure if I understand this correctly, but I think that the bolded part meant that this rule will allow any TCP protocol traffic from egress (external outgoing interface) from any source. However, I don't get the subsequent part.

Code:
(egress) \
    port $tcp_services
Could someone please explain it to me?

Kind regards and thanks in advance.
#2
14th September 2010
ocicat (Administrator)

Quote:
Originally Posted by spaghetti_bolognese
..I don't get the subsequent part.

Code:
(egress) \
    port $tcp_services
Could someone please explain it to me?
  • The parentheses about the external interface name indicate that the interface's IP address can change -- meaning that the address is set by an external DHCP server.
  • $tcp_services is a list which will have been previously defined. By the name, this must be a list of port numbers which are allowed to pass through the firewall.
Be aware that development on pf(4) has been rapid over the last few years. The syntax of rules has changed such that rulesets created for older versions of OpenBSD may no longer be valid. Because of this, it is important to match the documentation to whatever is installed. Always consider the pf(4) manpage the best source of information matched to the installed version. If the installed version is the latest publicly released version (currently OpenBSD 4.7), information found in The OpenBSD Packet Filter guide is the second best source of information.
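The rule discussed in this thread, shown in context as an added example (not written by either poster and not copied from the OpenBSD guide). The port list in `tcp_services` and the `block in all` default are assumptions chosen for illustration.

```conf
# Constructed pf.conf fragment; the port list is an assumed example.

# Macro: a list defined before the rule that uses it. When the ruleset is
# loaded, pf expands a rule referencing the list into one rule per member.
tcp_services = "{ 22, 113 }"

# Default deny inbound, so only explicitly passed traffic gets in.
block in all

# "egress" is the interface group holding the default route.
# "(egress)" as the destination means "the addresses currently assigned to
# that interface". The parentheses make pf update the rule when the address
# changes (for example a new DHCP lease), with no ruleset reload needed.
pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services

# Without parentheses the name is resolved to its addresses once, at load
# time. After an address change this form keeps matching the old address
# until pf.conf is reloaded:
# pass in on egress inet proto tcp from any to egress port $tcp_services

# Parse-only check that prints the expanded rules without loading them:
#   pfctl -nvf /etc/pf.conf
```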