DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 24th January 2012
sws sws is offline
Port Guard
 
Join Date: Mar 2011
Posts: 12
Thanked 0 Times in 0 Posts
Default Cutting stateful connections

Hello,

I want my kids to use the internet only between 19:00 h and 21:00 h. So I created an anchor which is activated by cron accordingly. Blocking my kids IPs works by and large.

But what about stateful connections? If my son for example is using Skype while the pass rules are disabled (at 21:00 h) he is still able to use Skype after his IP is blocked by PF. Same phenomen appears for online games (Fiesta and the likes).

How do I cut all connections of the IPs in question when they are blocked?

Here is my anchor for passing my kid's IPs:

Quote:
int_if="re0"
int_net="192.168.0.0/24"
ext_if="fxp0"
kinder="{ 192.168.0.3, 192.168.0.4 }"
block drop in quick on $int_if inet from $kinder to any
Greets,
Sebastian
Reply With Quote
  #2   (View Single Post)  
Old 24th January 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,666
Thanked 214 Times in 189 Posts
Default

See pfctl(8) and the -k option.
Reply With Quote
  #3   (View Single Post)  
Old 24th January 2012
sws sws is offline
Port Guard
 
Join Date: Mar 2011
Posts: 12
Thanked 0 Times in 0 Posts
Default

Thank you jggimi,

that was exactly what I was looking for.

Greets,
Sebastian
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
need troubleshooting tip for vpn connections badguy OpenBSD Security 19 10th November 2010 02:53 PM
PF and Stateful Tracking Options mfaridi OpenBSD Security 9 15th April 2010 09:05 AM
Serial connections JMJ_coder General software and network 9 25th July 2008 03:28 PM
More tcp connections tad1214 FreeBSD General 8 5th June 2008 03:05 PM
OpenVPN - Problem with connections MME General software and network 2 26th May 2008 06:42 PM


All times are GMT. The time now is 09:07 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick