On Friday 12 January 2007 10:30, Petr Salinger wrote:
> Hi,
>
> currently I am able to build pfctl and authpf in
> freebsd-utils source package. Patch is in svn.
>
> But I have not yet used packet filter, so I cannot properly test.
> Please, could someone test whether they are really working?
> You can build them from source or I can send two binaries.
> Currently they are built during build of net-tools
> binary package. Should they stay in net-tools
> or should they go into own package (in this case,
> please suggest name).
> Also script for /etc/init.d/ would be appreciated.

As far as I can test on my machine (only one network card) pf works fine!
I've attached a file 'pf' which should go in /etc/network/if-pre-up.d so that
pf is enabled when networking starts. Same file could go in /etc/init.d as
well.

kouk@quoth:~$ uname -a
GNU/kFreeBSD quoth 6.2-1-686 #0 Mon Jan 15 14:40:15 EET 2007 i686 i386 Intel(R) Pentium(R) 4 CPU 2.66GHz GNU/kFreeBSD
kouk@quoth:~$ sudo /sbin/pfctl -si
Status: Enabled for 0 days 00:06:19           Debug: Urgent

Hostid: 0x0de18f0d

Interface Stats for em0               IPv4             IPv6
  Bytes In                          166002                0
  Bytes Out                          87769              208
[blablabla]
kouk@quoth:~$ sudo /sbin/pfctl -sr
scrub in all fragment reassemble
block return in all
pass out all keep state
pass in on em0 inet proto tcp from any to (em0) port = ssh flags S/SA keep state
pass in on em0 inet proto tcp from any to (em0) port = auth flags S/SA keep state
pass in on em0 inet proto tcp from any to (em0) port = www flags S/SA keep state
pass in on em0 inet proto tcp from any to (em0) port = https flags S/SA keep state
pass in inet proto icmp all icmp-type echoreq keep state

Attachment:
pf
Description: application/shellscript
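
A sketch of what a hook in /etc/network/if-pre-up.d could look like, added here as an example; it is not the 'pf' file attached to this message. It assumes the ruleset lives in /etc/pf.conf and that ifupdown sets IFACE when it runs the hook; the function name pf_start is made up for the example.

```shell
#!/bin/sh
# Example if-pre-up.d hook: load the pf ruleset and enable pf before an
# interface comes up. Added example, NOT the attachment from the mail.

PFCTL="${PFCTL:-/sbin/pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"   # assumed ruleset location

pf_start() {
    # Package removed but hook left behind: do nothing, do not break ifup.
    [ -x "$PFCTL" ] || return 0

    if [ ! -r "$PF_CONF" ]; then
        echo "pf: cannot read $PF_CONF" >&2
        return 1
    fi

    # -n parses the ruleset without loading it, so a syntax error never
    # replaces rules that are already active.
    if ! "$PFCTL" -nf "$PF_CONF"; then
        echo "pf: $PF_CONF failed syntax check, ruleset not loaded" >&2
        return 1
    fi

    "$PFCTL" -f "$PF_CONF" || return 1

    # -e exits non-zero when pf is already enabled, so fall back to the
    # "Status: Enabled" line that 'pfctl -si' prints.
    "$PFCTL" -e 2>/dev/null ||
        "$PFCTL" -si | grep -q '^Status: Enabled'
}

# ifupdown exports IFACE to hooks; skip loopback and plain sourcing.
if [ -n "${IFACE:-}" ] && [ "$IFACE" != "lo" ]; then
    # A non-zero exit reports the failure to ifupdown instead of
    # silently continuing without a packet filter.
    pf_start || exit 1
fi
```

Running `pfctl -sr` afterwards, as in the session above, confirms that the loaded rules match the file.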